If your organization doesn’t have an annual PCI audit requirement but wants to know its compliance posture for internal use, a PCI Gap Assessment & Analysis is perfect. As your organization is planning for Version 4.0, this is an ideal way to prep for the 4.0 cutover and identify how the changes from 3.2.1 to 4.0 need to be addressed in your specific environment.
Common concerns that an assessment can help address include:
- Are we meeting the requirements of the PCI DSS?
- What are the specific items that we need to focus on now, and after that?
- What are the quick wins? What are the longer-term goals?
- I’m being asked by my team to sign this SAQ. Are we actually compliant?
- How should I be thinking about Version 4.0?
- What policies and procedures are working well today? Where are gaps in documentation? How do we close those gaps?
- What technology changes might we need to plan for?
► Review PCI documentation and evidence to determine risk
► Interview staff and stakeholders
► Detailed and thorough benchmarking and recommendations