At MegaplanIT, we don’t just audit. We pride ourselves on the partnerships we create with companies and the step-by-step guidance we provide for them throughout the entire process of assessment, remediation, and compliance achievement. Your security is our priority, and we’re here to ensure that your customers will always be able to trust that their private information remains private.
We’re here to help break down the complex requirements of PCI-DSS 3.2 (the latest version of the Payment Card Industry Data Security Standard, released in 2016), and expedite your path to compliance.
WHAT IS IT?
Our PCI-DSS 3.2 Gap Assessment Service analyzes your current level of compliance and examines all aspects of your cardholder environment under the stringent 3.2 security regulations. This “pre-assessment” gives us a picture of your existing strengths and weaknesses and can help reduce the scope and cost of your final PCI-DSS 3.2 Assessment.
The strong relationships we build with our clients allow us to deliver accurate results and customized service, as well as reduce costs for the companies we serve. During your PCI-DSS 3.2 Gap Assessment, our consultants will partner with your team, both on- and off-site, to assess and control risks related to your unique circumstances. MegaplanIT will identify the specific PCI-DSS regulations that apply to your business and focus on taking the steps needed to bring your cardholder environment into compliance.
The goal of this phase is to find out exactly where and how your environment falls out of line with PCI-DSS compliance requirements. Our experts will do an in-depth analysis of your overall control environment and the specific technical controls within it by gathering all relevant information related to your system designs, deployment documentation, procedures, and standards. Every aspect of your cardholder environment will be critically examined and compared to leading industry security practices.
The scope of this review phase covers all 12 PCI-DSS Requirements and serves as a baseline for subsequent gap analyses. This phase also allows us to identify the key controls we'll need to further test your cardholder environment. During the Current-State Readiness Review Phase, our team of specialists will perform a full review of your company's documentation with regard to:
Overall system design, including key interface definitions and designs.
Recent (or planned) website changes and their potential impact on current PCI-DSS compliance.
IT infrastructure, including network engineering, infrastructure automation, and host and operating system engineering.
System and infrastructure monitoring.
General security information.
During this review, we will also:
Partner with your organization to identify stakeholders and project participants through meetings and review of documentation.
Conduct in-depth interviews with Functional Component-designated representatives.
Obtain in-person explanations of the system and its key constituents.
Review relevant documentation with the designated representative to address whether verbal descriptions and written documentation are fully aligned.
Provide feedback to the designated representative regarding strengths and gaps.
During the next phase of your comprehensive Gap Analysis, MegaplanIT's Qualified Security Assessors (QSAs) will identify specific control gaps in your system that may threaten your organization’s security and jeopardize compliance.
Our QSAs use the comprehensive information gathered in the previous phase to compare the intended design and function of your control mechanisms against actual performance, as well as perform extensive tests to analyze the effectiveness of existing controls.
After the Gap Analysis, our expert QSAs will mentor your team on how to remediate any risks to your cardholder environment and keep it compliant and secure well into the future.
During the Gap Analysis, MegaplanIT will:
MegaplanIT's PCI-DSS 3.2 Gap Assessment Service is a critical step towards achieving full regulatory compliance. Don't wait until a formal audit to find out if you're compliant—identify where your vulnerabilities lie in advance to reduce the scope and cost of your compliance initiatives.