Who is the Gap Analysis Aimed At?

URM’s PCI DSS gap analysis service is aimed at those organisations which are looking to benchmark their current corporate information security practices (relating to payment card data) against the Standard and understand their readiness for a compliance assessment.

The gap analysis is often the first step of a PCI DSS project and provides you with a roadmap for achieving compliance.

This service will typically involve one of URM’s QSAs spending time on your site or meeting remotely with those individuals responsible for:

  • The PCI DSS programme
  • Network administration and cardholder systems
  • Developing company policies and procedures

Focus of Gap Analysis

URM’s QSA will assess your organisation’s practices against the 12 high-level PCI DSS requirements as follows:

  1. Install and maintain network security controls
  2. Apply secure configurations to all system components
  3. Protect stored account data
  4. Protect cardholder data with strong cryptography during transmission over open, public networks
  5. Protect all systems and networks from malicious software
  6. Develop and maintain secure systems and software
  7. Restrict access to system components and cardholder data by business ‘need to know’
  8. Identify users and authenticate access to system components
  9. Restrict physical access to cardholder data
  10. Log and monitor all access to system components and cardholder data
  11. Test security of systems and networks regularly
  12. Support information security with organisational policies and programs

Gap Analysis Outputs

The key output from our PCI DSS gap analysis service will be a report that includes:

  • A definition of your cardholder data environment (CDE) and in-scope business processes, applications, devices, networks, facilities and service providers
  • An assessment of how closely your organisation meets each of the PCI DSS requirements
  • Recommendations for reducing the scope of the CDE, where applicable, thus reducing the potential cost of compliance
  • Detailed recommendations for remediating any areas of non-compliance
  • Advice regarding your organisation's best options for achieving PCI DSS compliance quickly and cost-effectively, drawing upon our QSAs’ experience working with similar organisations.

URM's diligence during these audits has resulted in the business as a whole pulling together to collectively ensure that we are up to par with the requirements. While our working relationship with URM’s consultant is fantastic, we are held to account for every bullet point of every requirement on every audit, which is precisely what we expect. The consultant’s efforts in ensuring that our PCI compliance is audited correctly are highly appreciated, as it gives the company an accreditation that we can be proud of and that we can show off to existing and prospective customers as proof of our security posture. A huge thank you to URM for providing such a valuable service.
Open Banking Platform