Complying with PCI DSS
Deloitte roadmap to PCI compliance
1. Pre-readiness scoping
- Do we need to comply
- Determine level definition
- Define compliance need
- Undertake risk analysis
- Align compliance targets with business strategy and plans
- Formulate program to compliance
2. Readiness activity
- Gap analysis of current controls
- Define remediation plan
- Design PCI controls that mitigate risks from risk register
- Implement PCI controls for each requirement that mitigate risks from the risk register
- Assess implemented controls and evaluate risk mitigation capability
- Verify readiness for comprehensive onsite
- PCI audit (Dependent on level definition)
3. Validation of compliance
- Quarterly external network scans
- Comprehensive onsite PCI Audit OR self assessment questionnaire (Dependent on level definition)
- Develop remediation roadmap for non-compliant areas
Talk to the team
Copyright © 2012 Deloitte. A member of Deloitte Touche Tohmatsu Limited. All rights reserved.