Eretmis is certified by the Payment Card Industry (PCI) as a Qualified Security Assessor (QSA) Company.
Eretmis' PCI DSS services include Pre-Assessment Consultation, PCI DSS Gap Analysis, PCI DSS Audit and Report on Compliance (RoC), Attestation of Compliance (AoC), PCI DSS Self-Assessment Services (Assisted SAQ), PCI DSS Remediation, Final PCI DSS Report and Submission, PCI Continuous Compliance, and PCI DSS Education and Training.
The first step in any PCI DSS assessment is determining the extent of an organization’s cardholder data environment and how physical and logical data flows through the company. Accurate scoping is essential to identify all systems that interact with cardholder data, along with any systems and third parties that connect to them or that may impact security.
The current PCI DSS standard includes more than 300 control requirements organized under 12 higher-level requirement sections. Depending on the number of transactions it processes in a year, a merchant or service provider is assigned to a tier. Companies in the highest-volume tier (Tier 1) must undergo a full Report on Compliance assessment.
The other tiers are required to complete a self-assessment questionnaire (SAQ). For clients eligible to self-assess, the process should be the same as a Report on Compliance in terms of control evaluation and documentation, except that SAQ clients evaluate the controls and complete the required questionnaire themselves.
Once we have carried out a thorough scope review, we will perform a PCI DSS gap analysis. This identifies areas of non-compliance and outlines areas requiring remediation well before we carry out the formal assessment.
The gap analysis includes interviews with the organization and its partners, a review of networks and servers, and an inspection of current policies and procedures.
The Formal Assessment of Compliance is the final stage of verifying an organization’s compliance with the PCI DSS and (if completed to evidence full compliance) produces the documentation required for the organization to validate compliance with their acquirer(s) and/or the card schemes.
This is primarily an on-site activity completed by a Qualified Security Assessor (QSA) against the requirements of PCI DSS v3.2.1 and the testing procedures specified in the ROC Reporting Instructions for PCI DSS v3.2.1. The assessment consists of interviews, documentation review, and observation of processes and system configurations, and it requires system sampling, evidence collection, and evidence retention.
On completion of a successful assessment, Eretmis will provide full documentation of the assessment in the Report on Compliance (RoC). The Lead Assessor will ensure the correct completion of the Attestation of Compliance (AoC) asserting PCI DSS compliance. As confirmation of PCI DSS compliance, Eretmis will award your organization an official Eretmis Attestation of Compliance.
We will work with you to fix areas of non-compliance and expedite the retesting process to ensure timely completion.
PCI DSS remediation is an essential phase for organizations wishing to achieve and improve PCI compliance. An engagement normally follows on from any gap analysis work already completed.
If controls are found not to be in place in the organization, our consultant will formulate a project plan documenting the required remediation, including detailed tasks, suggested timeframes, prioritization, and resourcing requirements.
In this phase, we can play whichever role the client wants, from acting as a simple sounding board for proposed changes to being fully engaged in supporting the often complex organizational changes that compliance requires.
Following a gap analysis and any resulting modifications, your company should be well prepared for the final audit. Our team usually anticipates a 95%+ score, at which point we pause the audit until the final few controls are resolved.
As a result, 100% of our clients pass their Report on Compliance Assessment. The final RoC report outlines compliance with PCI requirements and after client review, we will submit your compliance status to relevant stakeholders.
PCI DSS comprises time-sensitive controls and must be regularly maintained. We help you stay in control of PCI DSS throughout the year so that you can maintain compliance with confidence.
Maintaining PCI-DSS compliance between assessments can be a challenging proposition. It cannot be considered a once-a-year event. Our consultant will work with you to establish compliance checkpoints throughout the year.
This program is tailored to the specific needs of individual clients. It has several benefits, including helping plan compliance activities, reducing annual PCI DSS assessment efforts through continual compliance demonstration, and increasing compliance sustainability by eliminating compensating controls.
This information session focuses on “What to Expect When You Are Expecting a PCI Audit.” It is ideal for customers who are going through PCI compliance for the first time.
1075 Gerard Avenue, Bronx, New York 10452, United States
Phone: 1 (800)-856-5820 Email: pcidss@eretmis.com
Copyright © 2020 Eretmis Inc. - All Rights Reserved.