This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our cookie notice for more information on the cookies we use and how to delete or block them.

Bookmark Email Print page

Complying with PCI DSS

Deloitte roadmap to PCI compliance

1. Pre-readiness scoping
  • Do we need to comply
  • Determine level definition   
  • Define compliance need
  • Undertake risk analysis
  • Align compliance targets with business strategy and plans
  • Formulate program to compliance
2. Readiness activity 
  • Gap analysis of current controls
  • Define remediation plan
  • Design PCI controls that mitigate risks from risk register
  • Implement PCI controls for each requirement that mitigate risks from the risk register
  • Assess implemented controls and evaluate risk mitigation capability
  • Verify readiness for comprehensive onsite
  • PCI audit (Dependent on level definition)
3. Validation of compliance
  • Quarterly external network scans
  • Comprehensive onsite PCI Audit OR self assessment questionnaire (Dependent on level definition)
  • Develop remediation roadmap for non-compliant areas

Talk to the team

  • Faris Azimullah
    Enterprise Risk Services Partner
Stay connected:
Get connected
Share your comments


More on Deloitte
Learn about our site