PCI Assessment

PCI Compliance

PCI Security Standards are developed specifically to protect payment account data throughout the payment lifecycle and to enable technology solutions that devalue this data and remove the incentive for criminals to steal it. PCI Compliance ensures that companies that accept, process, store or transmit credit card data do so within a secure environment.

LCM’s PCI Assessment closely examines the scope of credit card usage throughout the organization to determine the processes required for achieving and maintaining PCI Compliance. LCM supports our customers by performing a full PCI Assessment or by assisting with Self-Assessment Questionnaires (SAQs).


APPROACH TO PCI ASSESSMENT

LCM’s methodology for the PCI Assessment is based on PCI DSS 3.2. It compares the current state of how the organization handles credit card data with the requirements set by the PCI Security Standards Council. Not every identified gap will be closed in the same way: the remediation recommended for each will depend on budget, resource availability and applicability to the business (for example, where a requirement does not apply to the assessed environment, or where a compensating control is appropriate). A maturity rating is applied to each area to show how well the existing controls have been implemented.

LCM recommends that this assessment be completed in six phases:

  1. Review the OSFI Framework

  2. Kick-off Meeting & Data Gathering

  3. Analyze All Gathered Data

  4. Prepare Documentation

  5. Draft Review

  6. Final Submission of Deliverables

The following six PCI DSS goals are broken down into 12 specific requirements, each of which is evaluated during LCM’s assessment process.

PCI DSS Goals:

  1. Build and Maintain a Secure Network and Systems

  2. Protect Cardholder Data

  3. Maintain a Vulnerability Management Program

  4. Implement Strong Access Control Measures

  5. Regularly Monitor and Test Networks

  6. Maintain an Information Security Policy

PCI ASSESSMENT DELIVERABLES

Four documents will be created as a result of our activities:

  • Gap Summary: Including executive summary and a list of identified gaps and recommendations.

  • Cybersecurity Strategy Roadmap: Aligned with the 12 PCI DSS 3.2 requirements.

  • Roadmap Proposal: A prioritized, project-based approach to remediation, based on the findings from the Gap Summary, that also respects budgetary constraints.

  • Implementation Plan: Mapped to the roadmap, and listing for each item the activities, required resources (people), time estimates to complete, tools/technologies where appropriate, priority and recommended order of implementation.

PCI ASSESSMENT DELIVERY TEAM

Lead Assessor: A seasoned Information Security expert with over 10 years of professional experience in the industry, holding various certifications and a degree in information security. The assessor has conducted numerous PCI assessments for customers of various sizes across North America.

Virtual CISO: An Information Technology leader with over 20 years of experience in Cyber Security consulting and Managed Security Services, with CISA and CRISC certifications.

Report Writers: Will develop final reports based on the findings of the assessment.
