This program supports your organization through the entire PCI compliance life cycle to help you build repeatable, consistent processes for achieving and maintaining compliance. This methodology is intended to be cyclical, as moving through the phases promotes program maturity and transitions compliance efforts to a more managed, automated, and measurable state. In addition, routinely validating scope and aligning organizational components can help you identify new opportunities for optimization. This approach is scalable for organizations of any size, compliance footprint, and maturity level.
The PCI SCORE phases consist of the following:
S – Scope evaluation:The PCI DSS calls for scope evaluation on an annual basis. We can help you understand how and where you process, transmit and store credit card data, as well as how connected systems may affect the scope of your PCI compliance. The scope evaluation will give you a better understanding of what your PCI assessment will entail, which SAQ will apply, or whether you are required to complete a ROC.
C – Collaborative remediation: We identify gaps, help reduce the scope and advise on remediation strategies. By collaborating with your team, we can pursue an efficient and consistent remediation effort.
O – Organizational alignment: This phase is essential to maintaining a mature PCI program. The goal is to remove organizational silos and create cohesiveness across business functions. To this end, our team provides input on roles and responsibilities. It also helps you outline an overarching compliance strategy encompassing your entire regulatory footprint (e.g., PCI standards, privacy regulations, and other federal and state laws).
R – Reporting compliance: In addition to helping you report initial compliance, we help you establish a process to maintain and monitor compliance on an ongoing basis. We assist with developing internal reporting and oversight to ensure a strong compliance reporting framework. We also help you lay the foundation for continual compliance, such as using dashboards for ongoing monitoring and consistent validation of controls.
E – Evolving maturity: The final SCORE phase involves cultivating the ability to demonstrate compliance at any time of year and adapt to evolving hardware, software, and business requirements. This may include leveraging a governance, risk management, and compliance integration or an audit management solution to automate and centralize responses to regulatory compliance requests. These efforts help to integrate compliance into routine business processes and continually mature your compliance program.