Pre PCI Gap Assessment
Megaplan-IT’s PCI-DSS Gap Assessment service aims to optimize your PCI Compliance project by identifying security control gaps within your cardholder data environment prior to your formal PCI assessment. Designed to lower costs, improve reporting accuracy, and improve your company’s overall security posture, an on-site Gap Assessment is the first step towards a comprehensive and proactive PCI-DSS compliance strategy.
Megaplan-IT approaches PCI Compliance Gap Assessment with a focus on accuracy and promptness, which includes:
1. Review Project Scope and Required Policies and Procedures
2. Policy and Procedure Collection, Analysis & Controls Validation
3. Onsite Validation and Draft PCI Gap Assessment Report
4. Megaplan-IT Quality Assurance
5. Deliver Final PCI Gap Assessment Report
Trusted Advisory & Remediation
Megaplan-IT assists our clients with achieving PCI-DSS compliance by employing QSAs with knowledge in all aspects of technical remediation. Megaplan-IT’s Trusted Advisory Service provides our clients with the support needed to achieve PCI-DSS compliance and remain compliant between assessments.
Trusted Advisory and Remediation includes:
- Providing a comprehensive background into the PCI-DSS requirements and objectives in order to achieve compliance.
- Identifying and modeling business processes and cardholder data flows to assist in optimizing business activities to help reduce the PCI-DSS scope.
- Identifying and steering clients toward industry best practices while keeping a cost-effective approach that is reasonable for your organization.
- Providing a detailed roadmap, which will help accomplish the goal of achieving PCI-DSS compliance and educating specific groups within your organization with regard to their remediation efforts.
Policies and Procedures
Megaplan-IT offers assistance in the development of Information Security Policies and Procedures that address your organization’s requirements for achieving PCI Compliance. We will provide your organization with a tailored document, which will be created in conjunction with your organization’s IT staff to ensure that it reflects the specific environment and procedures of your operating system.
Megaplan-IT Policy and Procedure Development Process consists of:
- Policy and Procedure Data Gathering
- Documentation Development
- Draft Review, Modification & Final Delivery
Quarterly Health Checks
Technology changes fast, and critical updates can't wait until your next assessment deadline. Our qualified security assessors will schedule time each quarter to review your system changes and offer Trusted Advisory and Remediation for any minor issues that may affect compliance.
We believe that proper communication and education will strengthen your organization's PCI Compliance posture to ensure your organization maintains compliance throughout the year.
Internal/External Vulnerability Scanning
This service is designed to scan your organization's websites and IT infrastructure, locate any vulnerabilities, and offer options for remediation. The evaluation will determine the current level of security in place for Internet services, as well as any externally facing systems.
Our stated intention is to mitigate your risks and remedy the root causes of your security concerns through a diligent, multi-step process. We will collect and analyze pertinent information about the network system, and then leverage that information during the assessment and verification phases. In order to minimize the chances of reporting false positives/negatives, Megaplan-IT’s skilled consultants will perform multiple types of scans.
Internal/External/Web Penetration Testing
In order to achieve PCI Compliance 11.3, Megaplan-IT adheres to a well-defined methodology for achieving your organizational goals for Internal, External and Web Penetration Testing. This series of penetration tests will effectively analyze your system from top to bottom. Megaplan-IT performs all penetration testing in a seamless manner, so your normal workflow is not disrupted.
Working together in this fashion reduces your overall PCI Compliance risk and helps all of us meet objectives in a timely manner.
Security Compliance Project Management
Megaplan-IT provides comprehensive project management by utilizing proven models, as well as techniques and tools, focused around achieving your compliance initiatives. We implement and manage each task within the scope, schedule, personnel, quality, cost, and assurance necessary to achieve compliance.
Project Management Goals
- Ensure that the compliance scope is clearly defined in the beginning with all stakeholders to guarantee the client's compliance project is a success.
- Provide effective communication and documentation throughout the project’s lifecycle.
- Regularly monitor and track the process to improve the end results.
- Identify and analyze changes to the project scope and remediation efforts.
- Proactively detect any potential issues through Quality Assurance.
- Provide detailed deliverables that meet the client’s requirements and specifications.