The Payment Card Industry Data Security Standard (PCI DSS) is a security standard that applies to organizations that handle credit card information.
Annual audits are required to validate compliance and varies in nature depending on the quantity of transactions that an organization handles. Organizations that handle smaller volumes of data are able to self-assess, answer a detailed Self-Assessment Questionnaire (SAQ) and attest to their compliance. Organizations that are handling large amounts of transactions must undergo an independent audit by a PCI DSS Qualified Security Assessor (QSA).
Level 1: Merchants that process over 6 million card transactions annually.
Level 2: Merchants that process 1 to 6 million transactions annually.
Level 3: Merchants that process 20,000 to 1 million transactions annually.
Level 4: Merchants that process fewer than 20,000 transactions annually.
The GAI Cyber team operates as PCI DSS trusted advisor. Our team will assist your organization:
- Analyze and optimizing PCI data architecture
- Create Documentation, Policies and Procedures
- Choosing the proper SAQ
- Validate control safeguards are operating as intended
- Conduct Gap Analysis and Remediation Activities
- Select a PCI DSS QSA Company for Audit
Our team will determine your organization’s current alignment with PCI requirements in preparation for a qualified PCI QSA audit.
GAI Cyber partners with several different PCI QSA companies who provide formal audits for firms processing large quantities of transactions. This ensures there is no conflict of interest between our consultative services and the work of an independent security assessor.