Sign up for our newsletter! →

PCI DSS

The PCI-DSS (Payment Card Industry Data Security Standard) is an industry regulatory standard, written and maintained by the PCI Security Standards Council (PCI SSC), that provides a baseline of technical and operational requirements for organizations that store, process, or transmit cardholder data (CHD) and/ or sensitive authentication data (SAD), or could impact the cardholder data environment (CDE). Components that could be impacted/in scope for PCI-DSS include network devices, servers, computing devices, virtual components, cloud components, and software. PCI-DSS undergoes regular evolution as threats and attacks grow more sophisticated and is currently on version 4.0.

HanaByte leads expertise in automating and implementing compliance services and are able to conduct a PCI-DSS readiness assessment tailored to your organization before you initiate a formal PCI-DSS audit. If your bank or other financial institution has not already selected an audit firm, we can provide coaching to select an audit and certification firm appropriate for your business.

PCI, HanByte, Compliance

PCI DSS v.4.0 Advisory Services

Scope

  • Review of your existing CDE including control implementations, infrastructure, software, people, policies, procedures, and any relevant documentation to perform a gap assessment against the PCI-DSS framework.
  • Perform workshops about PCI-DSS compliance and procedures – educating key stakeholders, technical personnel, and support teams about compliance and PCI scope. Workshops are interactive and are used to learn more about your business.
  • Provide guidance based on findings for your existing environment/project or new PCI compliance/audit endeavors.

Deliverables

  • Gap assessment report describing HanaByte’s findings and recommendations.
  • Variety of workshops related to PCI compliance/processes.
  • Roadmap for compliance.
  • Assistance as needed during the engagement.

Personnel

  • Security Consultant(s), billed 5 days, full-day, per week for the engagement. Resource count based on client business needs.

Customer Responsibilities

  • Provide access to relevant documentation (including policies, procedures, and diagrams), personnel, and current in-scope infrastructure and systems.

PCI DSS v.4.0 Gap Assessment

Scope

  • Assessment of your existing CDE (if applicable) including control implementations, infrastructure, software, people, policies, procedures, and any relevant documentation to perform a gap assessment against the PCI-DSS framework.
  • Post-assessment workshop – HanaByte will present and detail findings from the gap assessment report.

Deliverables

  • Gap assessment report describing HanaByte’s findings.

Personnel

  • Security Consultant(s), billed 5 days, full-day, per week for the engagement. Resource count based on client business needs.

Customer Responsibilities

  • Provide access to relevant documentation (including policies, procedures, and diagrams), personnel, and current in-scope infrastructure and systems.

PCI DSS v.4.0 Launch

Scope

  • Review of your existing CDE including control implementations, infrastructure, software, people, policies, procedures, and any relevant documentation to perform a gap assessment against the PCI-DSS framework.
  • Perform workshops about PCI-DSS compliance and procedures — educating key stakeholders, technical personnel, and support teams about compliance and PCI scope. Workshops are interactive and are used to learn more about your business.

Deliverables

  • Gap assessment report describing HanaByte’s findings and recommendations.
  • Variety of workshops related to PCI compliance/processes.

Personnel

  • Security Consultant(s), billed 5 days, full-day, per week for the engagement. Resource count based on client business needs.

Customer Responsibilities

  • Provide access to relevant documentation (including policies, procedures, and diagrams), personnel, and current in-scope infrastructure and systems.