PCI DSS Scope Assessment and Reduction

PCI DSS Scope Assessment and Reduction

Contract our PCI DSS Scope Assessment service and one of our Qualified Security Assessor (QSA) provides consultancy support in drafting the data flow diagrams, evaluates segmentation and defines the scope for PCI DSS. The QSA advises on scope reduction with further segmentation and process changes.

Your challenge

Assessing and reducing the scope of a PCI project is an important task when preparing to comply with the PCI DSS. An incorrect scope may affect the rest of the implementation and almost certainly risk non–compliance.

Our consultants can advise you on how your PCI DSS scope can be reduced using a variety of techniques and will explain the benefits and drawbacks of the different options available to you.

All of IT Governance’s proposed scope reductions are vendor agnostic and do not involve any specific vendor solutions or technologies.

By completing an assessment, you can:

• Reduce the card holder data environment as much as possible;
  
• Lower the risk of a data breach;
  
• Remove unnecessary and costly PCI DSS controls, and
  
• Reduce your PCI validation type.

Our service offering 

• An assessment to identify the cardholder data environment (CDE).
  
• Determine the different types of cardholder data your organisation is processing.
  
• Support in drafting the data flow diagram (data, process, people).
  
• Establish which technologies impact your cardholder data environment (CHD).
  
• Determine the risks posed by network components, servers and application.
  
• Advise on the segmentation controls to isolate the CHD.
  
• Develop recommendations necessary to reduce the scope.
  
• A management report outlining the findings of assessment.