PCI DSS Gap Analysis
Who is the Gap Analysis Aimed At?
URM’s PCI DSS gap analysis service is aimed at those organisations which are looking to benchmark their current corporate information security practices (relating to payment card data) against the Standard and understand their readiness for a compliance assessment.
The gap analysis is often the first step of a PCI DSS project and provides you with a roadmap for achieving compliance.
This service will typically involve one of URM’s QSAs spending time on your site or meeting remotely with those individuals responsible for:
- The PCI DSS programme
- Network administration and cardholder systems
- Developing company policies and procedures
Focus of Gap Analysis
URM’s QSA will assess your organisation’s practices against the 12 high-level PCI DSS requirements as follows:
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Protect all systems against malware and regularly update antivirus software or programs
- Develop and maintain secure systems and applications
- Restrict access to cardholder data by business need to know
- Identify and authenticate access to system components
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security for all personnel
Gap Analysis Outputs
The key output from our PCI DSS gap analysis service will be a report that includes:
- A definition of your cardholder data environment (CDE) and in-scope business processes, applications, devices, networks, facilities and service providers
- An assessment of how closely your organisation meets each of the PCI DSS requirements
- Recommendations for reducing the scope of the CDE, where applicable, thus reducing the potential cost of compliance
- Detailed recommendations for remediating any areas of non-compliance
- Advice regarding your organisation's best options for achieving PCI DSS compliance quickly and cost-effectively, drawing upon our QSAs’ experience working with similar organisations.
About URM
URM is dedicated to providing high quality, cost-effective and tailored consultancy and training in the areas of information security, data protection, business continuity and risk management.
Our office is open 08:00 – 17:30 Monday to Friday.
Email: info@urmconsulting.com
Phone: +44 (0)118 206 5410