PCI DSS Assessment
Our PCI Certification engagement focuses on assessment, remediation, and certification of our client’s information and network security. HEALTHINOVATION’s collaborative approach aligns the organization’s individual business units with their technology needs according to the PCI Security Audit and Reporting Procedures.
Outlined below are key activities, deliverables, and milestones for ensuring the organization’s PCI DSS compliance and certification.
Phase 1: Project Definition and Scope
- Executive view of all 12 core PCI DSS standards necessary for meeting compliance
- Executive view of HEALTHINOVATION’s PCI DSS offering, approach and deliverables
- Definition of key personnel and project timeline and milestones
Phase 2: Gap Analysis
- Review and analysis of current policies, procedures, and initiatives throughout the organization
- Analysis of debit/credit (i.e., payment) transaction environment
- Identifying and analyzing all significant third-party outsourcers and managed service providers used by the organization
- Create Gap Analysis report
Phase 3: Remediation, Consultation & Implementation
- Joint review of the PCI DSS Gap Analysis findings and recommendations
- Create remediation and implementation project plan
- Organizational remediation of identified deficiencies or issues regarding PCI DSS compliance
Phase 4: Assessment and Reporting
- Assessment of Organization’s PCI DSS Compliance
- Generation of Report on Compliance
- Issue PCI DSS v2.0 Compliance Certificate
- Submission of Report on Compliance to applicable card brands and acquirers
Additional Services:
- Policy and Procedure development
- Internal Vulnerability and Penetration testing
- Quarterly Network Vulnerability Scans by a certified PCI ASV (ControlScan)
- Technical Remediation and Consulting, CISO On-Demand
Resource Documents
- PCI Data Security Standard