PCI DSS Consultancy

Let us guide you on your PCI DSS journey

Introduction

PCI DSS isn’t black and white. It’s kind of grey and, because of that, organisations often require a lot of help interpreting the requirements to fit their specific operations.

We’ve been working with the PCI DSS almost since the beginning: our Technical Director was involved in rolling out a multi-million pound PCI DSS project back in 2006, and we’ve been helping large and small companies gain compliance ever since.

How do we help?

We provide independent, pragmatic PCI DSS expertise to help you develop and improve your current security programme in order to meet your PCI DSS compliance requirements.

We have experience of delivering PCI DSS with massive budgets and also with virtually no budget, using only open source software and creative processes. Through our PCI DSS consultancy services you get the full benefit of this experience, with us working alongside your team to help deliver what you need.

Some examples

Our consultancy is entirely flexible and based on what your organisation requires. We can do as little or as much as you need but here are some examples of work we regularly undertake for our clients.

  • Scope reduction
  • Gap analysis
  • Policy documentation
  • Procedure development and documentation
  • Technical solution design
  • Self Assessment Questionnaire (SAQ) completion
  • Level 1 “Audit Defence”


Benefits

Clarity

We can demystify the requirements of the PCI DSS, cutting through the grey to help you implement compliant, effective controls.

Compliance

Most importantly, we can help you achieve or maintain compliance. No matter how simple or complicated your payment channels are, we're here to help get you through.

Cost Effective

Don't waste money on areas you don't need to. We charge sensible rates and take a pragmatic approach centred around your needs, not selling days.

Speed

Speed up your compliance programme by engaging us as your expert guide. We have a wealth of experience, document templates and good ideas that will get you compliant faster.

What To Expect

A typical PCI DSS consultancy engagement will start with a requirements gathering exercise. We need to understand what your goals are and the current challenges you are faced with.

Once we understand the requirements we can pull together suggested work packages and provide our costs and effort for delivering these.

Call-off agreement

Where the precise effort required may be unclear, for example, where your project comprises multiple dependent phases of work, we will usually recommend a consultancy call-off agreement.

This is a very simple, non-binding approach to ensuring smooth and responsive engagements with bursty work requirements. You gain authorisation for an agreed number of consultancy days up front, typically in the form of a Purchase Order. 4ARMED then delivers agreed work packages against the call-off balance, invoicing monthly in arrears for accrued days.

There is no commitment to use all the days authorised and it doesn’t change our no-nonsense, open approach to engagements where you are engaged at all times in the work we are delivering.

PCI DSS Consultancy Engagement Process Flow

Resources

Which PCI DSS SAQ applies to my organisation? Our simple interactive tool will help you work it out.


Next Steps

Want to discuss your requirements further? Wondering whether PCI DSS Consultancy is right for your business? There's an easy way to find out: give us a call or complete the contact form below to tell us where you're at, and we will work with you to find the best solution for you.