PCI DSS Consultancy
Let us guide you on your PCI DSS journey
PCI DSS isn’t black and white. It’s kind of grey, and because of that organisations often need a lot of help interpreting the requirements to fit their specific operations.
We’ve been working with the PCI DSS almost since the beginning: our Technical Director was involved in rolling out a multi-million pound PCI DSS project back in 2006, and we’ve been helping large and small companies gain compliance ever since.
How do we help?
We provide independent, pragmatic PCI DSS expertise to help you develop and improve your current security programme in order to meet your PCI DSS compliance requirements.
We’ve experience of delivering PCI DSS with massive budgets and also with virtually no budget, using only open source software and creative processes. Through our PCI DSS consultancy services you get the full benefit of this, with our consultants working alongside your team to help deliver what you need.
Our consultancy is entirely flexible and based on what your organisation requires. We can do as little or as much as you need, but here are some examples of work we regularly undertake for our clients:
- Scope reduction
- Gap analysis
- Policy documentation
- Procedure development and documentation
- Technical solution design
- Self Assessment Questionnaire (SAQ) completion
- Level 1 “Audit Defence”
We can demystify the requirements of the PCI DSS, cutting through the grey to help you implement compliant, effective controls.
Most importantly, we can help you achieve or maintain compliance. No matter how simple or complicated your payment channels are, we’re here to help get you through.
Don’t waste money on areas you don’t need to. We charge sensible rates and take a pragmatic approach centred around your needs, not selling days.
Speed up your compliance programme by engaging us as your expert guide. We have a wealth of experience, document templates and good ideas that will get you compliant faster.
What To Expect
A typical PCI DSS consultancy engagement will start with a requirements gathering exercise. We need to understand what your goals are and the current challenges you are faced with.
Once we understand the requirements we can pull together suggested work packages and provide our costs and effort for delivering these.
Where the precise effort required may be unclear, for example, where your project comprises multiple dependent phases of work, we will usually recommend a consultancy call-off agreement.
This is a very simple, non-binding approach to ensuring smooth and responsive engagements with bursty work requirements. You gain authorisation for an agreed number of consultancy days up front, typically in the form of a Purchase Order. 4ARMED then delivers agreed work packages against the call-off balance, invoicing monthly in arrears for accrued days.
There is no commitment to use all the days authorised, and it doesn’t change our no-nonsense, open approach to engagements, in which you are involved at all times in the work we are delivering.
- We listen
- We analyse
- We identify options
- We create work packages from options
- We calculate effort and cost
- We present a detailed proposal
- You review
- We update if required
- Work packages are scheduled
- Our consultants get busy
- Regular progress updates are provided as required
- Optional Wash-up Call
- Post-Engagement Support
- Engagement Feedback fed into our ISO9001 Quality Management System