Gap Analyses – Reviewing business systems and organisational processes for compliance with the PCI Data Security Standard (DSS) mandatory requirements and identifying non-compliant gaps and weaknesses.
Gap Treatment Plan – Planning remediation activities and projects to bring businesses into compliance, making use of the PCI prioritised approach.
Liaison with Acquirers and Card Brands – Advising, supporting and leading regular reporting, communications and presentations on behalf of clients.
Risk Assessments – Conducting detailed cyber security risk assessments in relation to payment card data processing, storage and transmission.
Information Security Policies and Procedures – Formulating and documenting enterprise security policies (including baseline security controls) and procedures which harmonise with the mandatory requirements of the PCI DSS.
Mapping Business Processes – Analysing and documenting processes which relate to the acceptance, processing, storage and transmission of payment card data.
Security Architecture of PCI Systems, Applications and Infrastructure – Reviewing proposed architectural solutions to PCI DSS challenges.
Requirements and High-level Design of PCI Systems – Providing strategic advice on the design of systems that store, process and/or transmit payment card data.
Hands-on PCI Readiness Audits – Conducting PCI readiness audits and providing training on how to respond to formal PCI audits.
PCI Awareness Training – Giving presentations and delivering personal training, mentoring and coaching in all aspects of PCI DSS compliance.
Third-Party Evaluations – Reviewing and assessing the security position of third-party providers in the payment card processing supply chain.
Evaluating Supplier Tooling – Assessing the merits, worth and cost-effectiveness of various PCI tools and systems, for example payment card search tools and security event monitoring, logging and alerting tools and systems.
Design and Implementation of Compensating Controls – Designing and establishing appropriate compensating controls to meet compliance targets wherever strict adherence to PCI mandatory requirements cannot be fully achieved.
Security Incident Management – Acting as a key member of the incident management team, drawing upon a wide variety of organisational expertise (e.g. physical security, access controls, monitoring, data protection, legal and communications teams).