IBM Security Services' PCI DSS Gap assessment service offers an on-site assessment to identify any gaps in compliance with respect to the PCI Data Security Standard.
Pre-assessment "Gap" Analysis
A customized gap assessment determines the current compliance level and the specific steps required to achieve PCI compliance before performing the formal assessment. Proven IBM methodology educates clients on PCI fundamentals.
The on-site assessment includes interviews with the client, a review of the current network technology configuration, and recommendations with respect to PCI compliance.
The assessment includes an in-depth physical and logical data flow analysis. Clients gain a full understanding of all business instances where PCI DSS applies, and how to protect or remove data from these instances to limit the scope and impact of PCI DSS.
IBM consultants will develop paths to compliance and indicate how to use compensating controls for maximum benefit and risk reduction. As the first step toward compliance, IBM PCI assessments include:
PCI DSS Gap Assessment Report
Interim Report on Compliance (RoC) with audit criteria documented and detailing both compliant and non-compliant items
Completed formal Gap Assessment document detailing all non-compliant items.
The Gap Assessment report is not submitted to the acquirer; it is typically used as a remediation tracking document.
Assists the client with project compliance milestones and negotiations on timeline or compensating controls with acquiring institutions or card brands.
Allows clients who may be new to PCI, have been upgraded to a new level, or have made recent changes to their network infrastructure to understand the requirements and make any necessary adjustments to their technology or processes prior to a PCI audit.
Enables business-aligned security controls to help manage regulatory compliance and looks for compensating controls wherever possible.
Helps reduce the potential costs and complexity of security and non-compliance by providing guidance on the latest PCI requirements.
Provides clients with access to IBM's Web-based self-study course on PCI fundamentals to ensure understanding of the compliance validation requirements and process.