Highlights
- Pre-assessment "Gap" Analysis
- A customized gap assessment determines the current compliance level and the specific steps required to achieve PCI compliance before performing the formal assessment. Proven IBM methodology educates clients on PCI fundamentals.
- An on-site assessment that includes interviews with the client, a review of the current network technology configuration, and recommendations with respect to PCI compliance.
- Includes an in-depth physical and logical data flow analysis. Clients gain a full understanding of all business instances where PCI DSS applies, and how to protect or remove data from these instances to limit the scope and impact of PCI DSS.
- IBM consultants will develop paths to compliance and indicate how to use compensating controls for maximum benefit and risk reduction. As the first step toward compliance, IBM PCI assessments include:
Service detail
- PCI DSS Gap Assessment Report
- Interim Report on Compliance (RoC) with audit criteria documented and detailing both compliant and non-compliant items
- Completed formal Gap Assessment document detailing all non-compliant items.
- The Gap Assessment report is not submitted to the acquirer; it is typically used as a remediation tracking document.
- Assists the client with project compliance milestones and with negotiations on timeline or compensating controls with acquiring institutions or card brands.
- Allows clients who may be new to PCI, have been upgraded to a new level, or have made recent changes to their network infrastructure to understand the requirements and make any necessary adjustments to their technology or processes prior to a PCI audit.
- Enables business-aligned security controls to help manage regulatory compliance and look for compensating controls wherever possible
- Helps reduce potential costs and complexity of security of non-compliance by providing guidance on the latest PCI requirements
- Provides clients with access to IBM's Web-based self-study course on PCI fundamentals to ensure understanding of the compliance validation requirements and process.