PCI GAP Assessments

PCI Security Standards are technical and operational requirements set by the PCI Security Standards Council to protect cardholder data. The standards apply to all organizations that store, process or transmit cardholder data.

If your organization accepts payment cards, you are required to be compliant with the PCI Data Security Standard. Small merchants are prime targets for data thieves. Criminals are now shifting to small merchants because they know small businesses usually have lax security for cardholder data. In fact, more than 80% of attacks target small merchants. If your small business is at fault for a security breach, the fallout can be severe:

·       Fines and penalties
·       Termination of ability to accept payment cards
·       Lost confidence of customers
·       Lost sales
·       Legal costs, settlements and judgments
·       Fraud losses
·       Higher subsequent costs of compliance
·       Going out of business

The real value of the PCI GAP Assessment lies in the powerful reports that will be customized for your specific business. These documents will help you understand your risks, if any, and serve as “proof” that you’ve done your due diligence in the event of a surprise audit or post-breach investigation. These reports will include:

·       PCI Policies & Procedures Report
·       PCI Risk Analysis Report
·       PCI Risk Profile Report
·       PCI Management Plan
·       Evidence of PCI Compliance Report
·       Cardholder Data Environment Worksheet
·       External Port Security Worksheet
·       Server Function Identification Worksheet
·       User ID Worksheet
·       Antivirus Capability Identification
·       Compensating Controls Worksheet

One Way Logic (OWL) provides two types of PCI GAP Assessments:

1.     One-Time PCI GAP Assessment. This is the best choice for the small merchant that knows a gap assessment has to be performed, but doesn’t have the resources to invest in cardholder protection. This service will include all of the above documents in an organized fashion. These core documents will be considered the “Basic” service and will help your organization meet its responsibility of having an audit conducted.

2.     Managed Compliance Service. Organizations are constantly changing: new users, computers, servers, software and devices are constantly being added to the network. The PCI GAP Assessment you perform today has a “shelf-life”. How long that is depends on the type of business, the size of the organization and the speed of change. Having monthly or quarterly re-assessments is the best way to ensure that your organization remains compliant at all times.