PCI DSS Assessment
The Payment Card Industry (PCI) Security Standards Council (SSC) is an open global forum, launched in 2006, that is responsible for the development, management, education, and awareness of PCI Security Standards, including the Data Security Standard (DSS) and Payment Application Data Security Standard (PA-DSS) requirements. The PCI DSS was developed to encourage and enhance cardholder data security and facilitate broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect cardholder data, and applies to all organizations that store, process or transmit cardholder data.

The PCI Assessment consists of a PCI SSC Qualified Security Assessor (QSA) conducting onsite validation of an organization’s cardholder data environment for compliance with PCI DSS requirements. Drummond QSAs work with your organization to understand your cardholder data environment, determine the scope of the assessment, and select samples. During the assessment, we will conduct onsite validation that includes examining configuration settings and functionality of the selected sample of system components, observing processes, collecting evidence, validating physical security controls, conducting interviews with employees, and more. Offsite validation includes review of documentation, including policies and procedures, relevant records, review of submitted evidence, and remediation validation if applicable.

At the end of the assessment, Drummond will provide an open item list that details requirements found to be out of compliance and actions needed in order to remediate. When all requirements are considered compliant, Drummond will deliver a Report on Compliance (ROC) and Attestation of Compliance (AOC).