PCI DSS Scope Assessment and Reduction

PCI DSS Scope Assessment and Reduction

Contract our PCI DSS Scope Assessment service and one of our QSAs (Qualified Security Assessors) provides consultancy support in drafting the data flow diagrams, evaluates segmentation, and defines the scope for the PCI DSS. The QSA advises on scope reduction with further segmentation and process changes.

Your challenge

Assessing and reducing the scope of a PCI project is an important task when preparing to comply with the PCI DSS. An incorrect scope may affect the rest of the implementation and almost certainly risk non–compliance.

Our consultants can advise you on how your PCI DSS scope can be reduced using a variety of techniques, and will explain the benefits and drawbacks of the different options.

All of IT Governance USA’s proposed scope reductions are vendor agnostic and do not involve any specific vendor solutions or technologies.

By completing an assessment, you can:

• Reduce the CDE (cardholder data environment) as much as possible
• Lower the risk of a data breach
• Remove unnecessary and costly PCI DSS controls
• Reduce your PCI validation type

Our service offering

• An assessment to identify the CDE
• Determine the different types of cardholder data your organization is processing
• Support in drafting the data flow diagram (data, process, people)
• Establish which technologies impact your CDE
• Determine the risks posed by network components, servers, and applications
• Advise on the segmentation controls to isolate the cardholder data
• Develop recommendations necessary to reduce the scope
• A management report outlining the findings of the assessment