用草图创建.

PCI DSS合规性
Payment Card Industry Data Security Standard

Successfully obtaining and maintaining Payment Card Industry Data Security Standard (PCI DSS) compliance can sometimes be a monumental effort between a number of business processes across a variety of business units, encompassing both manual and automated procedures that involve an array of systems and personnel throughout the organization.

Download our PCI DSS Service Overview

As a certified Qualified Security Assessor (QSA), Schneider Downs is equipped to assist clients with their PCI compliance journey from the initial scoping and/or reduction of their cardholder data environment (CDE), 差距/准备评估, and formal examinations resulting in a completed Self-Assessment Questionnaire (SAQ) or Report on Compliance (ROC) and accompanying Attestation of Compliance (AOC). 除了, the Schneider Downs Cybersecurity team provides several services pertinent to PCI DSS compliance, including penetration testing and segmentation testing.

Based on published guidance and experience, the Schneider Downs team developed a five-phase approach to achieving an effective PCI compliance program with each phase following a clear, concise framework designed to deliver value to our clients.

Phase I – Awareness and Project Support

Develop the awareness of PCI compliance requirements and the related consequences of non-compliance at the senior management level.

Phase II – Inventory and Dataflow

Inventory and document the flow of credit card information throughout the organization’s various processes, 包括数据来源, 动态数据, 静止数据和使用数据. During the credit card information lifecycle assessment, we will utilize the following attributes associated with the flow of credit card data:

  • 数据来源: The methods for initiation of credit card transactions throughout the organization including identifying the electronic and manual methods used to accept credit card information.
  • 动态数据: Map the flow of the credit card information throughout the organization either in paper or electronic form to identify an inventory of all technology components that are instrumental in the transportation, processing and routing of the credit card information.
  • 静态数据: Identify throughout the organization where credit card information is stored and the format (paper, 电子)的数据.
  • 使用数据: Develop a list of personnel that can access or that utilizes the credit card information.

Phase III – Design and Scoping

Begin to formulate our strategic IT architecture and process design recommendations that will limit the areas of the network that fall within the scope of the PCI compliance effort.

Phase IV – Reporting and Remediation Roadmap

Prepare an executive level report detailing the results of our analysis designed to provide a realistic understanding of the current state of your control environment and the risk associated with each of the identified weaknesses or gaps.

Phase V – Sustainment and Governance

Provide recommendations that would enhance your compliance governance structure and imbed controls in your ongoing processes that will address key security and control activities into operational processes, helping make PCI a core organizational competency. 

Our approach can be tailored to meet the existing needs of, and current task being undertaken by, 你的组织.

View our additional IT Risk Advisory services and capabilities

违反了?

每一刻都很重要. 紧急请求, contact the Schneider Downs digital forensics and incident response team at 1-800-993-8937. For all other requests, please complete the form below.

"*表示必填字段

This field is for validation purposes and should be left unchanged.