Who is the Gap Analysis Aimed At?
URM’s PCI DSS gap analysis service is aimed at those organisations which are looking to benchmark their current corporate information security practices (relating to payment card data) against the Standard and understand their readiness for a c
The gap analysis is often the first step of a PCI DSS project and provides you with a roadmap for achieving compliance.
This service will typically involve one of URM’s QSAs spending time on your site or meeting remotely with those individuals responsible for:
- The PCI DSS programme
- Network administration and cardholder systems
- Developing company policies and procedures
Focus of Gap Analysis
URM’s QSA will assess your organisation’s practices against the 12 high-level PCI DSS requirements as follows:
- Install and maintain network security controls
- Apply secure configurations to all system components
- Protect stored account data
- Protect cardholder data with strong cryptography during transmission over open, public networks
- Protect all systems and networks from malicious software
- Develop and maintain secure systems and software
- Restrict access to system components and cardholder data by business ‘need to know’
- Identify users and authenticate access to system components
- Restrict physical access to cardholder data
- Log and monitor all access to system components and cardholder data
- Test security of systems and networks regularly
- Support information security with organisational policies and programs
Gap Analysis Outputs
The key output from our PCI DSS gap analysis service will be a report that includes:
- A definition of your cardholder data environment (CDE) and in-scope business processes, applications, devices, networks, facilities and service providers
- An assessment of how closely your organisation meets each of the PCI DSS requirements
- Recommendations for reducing the scope of the CDE, where applicable, thus reducing the potential cost of compliance
- Detailed recommendations for remediating any areas of non-compliance
- Advice regarding your organisation's best options for achieving PCI DSS compliance quickly and cost-effectively, drawing upon our QSAs’ experience working with similar organisations.
URM can help you achieve ISO 27001 certification
URM can provide a range of ISO 27002:2022 transition services including conducting a gap analysis, supporting you with risk assessment and treatment activities as well as delivering a 2-day transition training course.
If you want to learn more about ISO 27002:2022 and how to implement the new controls and the new attributes, you can attend URM’s ISO 27001:2022 Control Migration Course.
After the recent changes to PCI DSS v4.0 we're examining factors behind the greater utilisation of MFA, and what the key changes are in requirements.
The Payment Card Industry Security Standards Council (PCI SSC) defines scoping as “the process of identifying all system components....
After several years wait, and to surprisingly little fanfare, the PCI SSC released the new version of the PCI Data Security Standard (DSS).