PCI DSS Gap Analysis
Our Payment Card Industry Data Security Standard (PCI DSS) Gap Analysis provides a detailed review of your current PCI DSS compliance and produces a roadmap that can be implemented to achieve full compliance with the Standard.
Assess your current PCI DSS compliance
Our PCI DSS Gap Analysis reviews an organisation’s cardholder data environment (CDE) against the latest version of the Standard. In-scope systems and networks are reviewed and a detailed report compiled, showing areas that need attention.
Our PCI DSS Gap Analysis service can help your organisation pass the annual audit, or build a CDE and infrastructure that meet the requirements of the Standard.
Why is a PCI DSS gap analysis so important?
Based on our experience, very few clients maintain full compliance with the PCI DSS v3.2 requirements. Findings from Verizon’s 2017 Payment Security Report support this view. After studying 11 years of forensic breach investigations, Verizon found that not a single company was PCI DSS compliant at the time of a breach. 89% of breached companies were never compliant, and 11% were PCI DSS compliant at one point, but not at the time of the breach.
As organisations evolve, business and customer demand require changes to technology and processes. These changes can affect an organisation’s PCI DSS status. Although PCI DSS compliance is increasing, more than 40% of global organisations – large and small – are still not meeting PCI DSS compliance requirements. Of those that pass validation, nearly half fall out of compliance within a year.*
- of organisations that suffered a breach were not compliant with the Standard.
- of organisations achieved PCI DSS compliance at the interim assessment.
- is the average percentage of controls not in place for companies failing their interim assessment.
* Verizon 2017 Payment Security Report
Why choose IT Governance for PCI consultancy?
Our services provide a tailored route to PCI compliance, scalable to your budget and needs.
We go further than a simple ‘yes/no’ approach to understand better how security measures work.
We work in partnership to help you understand what is required and why, giving you control.
We can offer expertise to vet compensating controls and determine whether they are acceptable.
Companies using our PCI DSS products and services:
“IT Governance were very professional and pragmatic in their approach, and displayed a level of understanding of our business that we found unique and refreshing.” Damien Everard, COO of Appletree.
The value of completing a PCI DSS gap analysis
A PCI DSS gap analysis is usually the first step clients take to understand their compliance status. It provides a detailed comparison of what their business is currently doing against what it should be doing to be compliant with the PCI DSS. The analysis reviews the business’ current security controls to protect cardholder data against the specific controls required by the PCI DSS. It identifies the ‘gap’ that needs to be addressed.
By completing a gap analysis, you can:
- Create a snapshot of PCI DSS compliance;
- Identify areas requiring immediate attention, and cost-effective remediation, in prioritised terms;
- Improve cost forecasting and budget justification for a PCI DSS compliance programme; and
- Gain an awareness of your company’s ability to comply with any new release of the Standard, such as PCI DSS v3.2.
A PCI gap analysis conducted by an IT Governance QSA will map critical information processes and technical infrastructure. By assessing your current state of compliance, we can outline the most cost-effective approach to meeting the PCI DSS obligations.
Get in contact
We have a team of account managers and security consultants to discuss your PCI DSS challenges. For more information, please contact us.
Speak to an expert
Please contact us for further information or to speak to an expert.