The PCI-DSS (Payment Card Industry Data Security Standard) is an industry regulatory standard, written and maintained by the PCI Security Standards Council (PCI SSC), that provides a baseline of technical and operational requirements for organizations that store, process, or transmit cardholder data (CHD) and/ or sensitive authentication data (SAD), or could impact the cardholder data environment (CDE). Components that could be impacted/in scope for PCI-DSS
include network devices, servers, computing devices, virtual components, cloud components, and software. PCI-DSS undergoes regular evolution as threats and attacks grow more sophisticated and is currently on version 4.0.
HanaByte leads expertise in automating and implementing compliance services and are able to conduct a PCI-DSS readiness assessment tailored to your organization before you initiate a formal PCI-DSS audit. If your bank or other financial institution has not already selected an audit firm, we can provide coaching to select an audit and certification firm appropriate for your business.
Review of your existing CDE including control implementations, infrastructure, software, people, policies, procedures, and any relevant documentation to perform a gap assessment against the PCI-DSS framework.
Perform workshops about PCI-DSS compliance and procedures – educating key stakeholders, technical personnel, and support teams about compliance and PCI scope. Workshops are interactive and are used to learn more about your business.
Provide guidance based on findings for your existing environment/project or new PCI compliance/audit endeavors.
Deliverables
Gap assessment report describing HanaByte’s findings and recommendations.
Variety of workshops related to PCI compliance/processes.
Roadmap for compliance.
Assistance as needed during the engagement.
Personnel
Security Consultant(s), billed 5 days, full-day, per week for the engagement. Resource count based on client business needs.
Customer Responsibilities
Provide access to relevant documentation (including policies, procedures, and diagrams), personnel, and current in-scope infrastructure and systems.
Assessment of your existing CDE (if applicable) including control implementations, infrastructure, software, people, policies, procedures, and any relevant documentation to perform a gap assessment against the PCI-DSS framework.
Post-assessment workshop – HanaByte will present and detail findings from the gap assessment report.
Deliverables
Gap assessment report describing HanaByte’s findings.
Personnel
Security Consultant(s), billed 5 days, full-day, per week for the engagement. Resource count based on client business needs.
Customer Responsibilities
Provide access to relevant documentation (including policies, procedures, and diagrams), personnel, and current in-scope infrastructure and systems.
Review of your existing CDE including control implementations, infrastructure, software, people, policies, procedures, and any relevant documentation to perform a gap assessment against the PCI-DSS framework.
Perform workshops about PCI-DSS compliance and procedures — educating key stakeholders, technical personnel, and support teams about compliance and PCI scope. Workshops are interactive and are used to learn more about your business.
Deliverables
Gap assessment report describing HanaByte’s findings and recommendations.
Variety of workshops related to PCI compliance/processes.
Personnel
Security Consultant(s), billed 5 days, full-day, per week for the engagement. Resource count based on client business needs.
Customer Responsibilities
Provide access to relevant documentation (including policies, procedures, and diagrams), personnel, and current in-scope infrastructure and systems.
