The Mobius Information Security team recently completed an independent assessment of compliance with the Payment Card Industry Data Security Standard (PCI DSS) for a client in the consumer services industry. The project included assessing compliance with all the data security requirements of PCI DSS and assisting the client with the completion of their annual Self-Assessment Questionnaire. It also included analysing how the organisation’s various functional areas use cardholder data, in order to provide input into the PCI DSS assessment.
OUR APPROACH TO PERFORMING THE PCI DSS ASSESSMENT INCLUDED:
Understanding the Business: we checked that the client had accurately determined the scope of the cardholder data environment (CDE) to which the standard applies;
Conducting an Independent Assessment: we performed an independent assessment and gap analysis of the organisation’s compliance with the standard, using the appropriate Self-Assessment Questionnaire (SAQ);
Remediation Recommendations: we provided the client with recommendations for control improvements to address any gaps identified.
The outcome of the engagement was that the client was able to give internal stakeholders a level of comfort regarding the organisation’s compliance with the standard, and that the annual SAQ was accurately completed. Security gaps were identified, and Mobius provided the client with practical recommendations for improving cardholder data security. Our final report included recommended management activities to ensure ongoing compliance with the standard.