© 2019 RSM US LLP. All rights reserved.
PCI gap assessment
The gap assessment helps you identify holes in your PCI program so you can effectively move toward compliance.
Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is mandatory for any organization that handles credit card data, and noncompliance can have damaging effects. Though they may be aware of this obligation, many organizations do not know their current PCI status or do not understand how best to implement a PCI program. No matter how mature your PCI program may be, this assessment can help you move toward your desired state of compliance.
A PCI gap assessment helps you determine your readiness for an on-site Report on Compliance (RoC) assessment and how close your organization is to achieving PCI compliance. The process will help you understand key areas of weakness and noncompliance. Additionally, a PCI gap assessment helps you understand rapidly evolving security compliance obligations and develop a strategy and plan for achieving compliance throughout the enterprise.
RSM’s approach maps out critical information processes and technical infrastructure to determine where PCI controls have an impact on the business. Based on our experience, few clients maintain full compliance with the PCI Data Security Standard 3.2 requirements on a yearly basis, due to the dynamic nature of the technologies enabling card payment channels. Additionally, as the organization evolves, business and customer demands require ease of use and the latest technology to drive efficiency. All of these changes can affect an organization’s PCI status.
The goal of a PCI gap assessment is to gain a control-level understanding of the PCI environment. It identifies specific gaps and helps develop a strategy for meeting and maintaining compliance. This process is used to assess readiness for an upcoming PCI audit and to identify deficient controls that could potentially cause an audit failure.
By assessing your organization’s current state of compliance, RSM can outline a cost-effective approach to meeting PCI obligations. This can help organizations avoid the fines and reputational damage associated with noncompliance or data breaches.