PCI DSS Assessment

Our PCI Certification engagement focuses on assessment, remediation, and certification of our client’s information and network security. HEALTHINOVATION’s collaborative approach aligns the organizations individual business units with their technology needs according to the PCI Security Audit and Reporting Procedures. Outlined are key activities, deliverables, and milestones for ensuring the organizations PCI DSS compliance and certification.

Phase 1: Project Definition and Scope

• Executive view of all 12 core PCI DSS standards necessary for meeting compliance
• Executive view of HEALTHINOVATION’s PCI DSS offering, approach and deliverables
• Definition of key personnel and project timeline and milestones

 Phase 2: Gap Analysis

• Review and analysis of current policies, procedures, and initiatives throughout the organization
• Analysis of debit/credit (i.e., payment) transaction environment
• Identifying and analyzing all significant third party outsourcers and managed service providers used by the organization
• Create Gap Analysis report

 Phase 3: Remediation, Consultation & Implementation

• Joint review of the PCI DSS Gap Analysis findings and recommendations
• Create remediation and implementation project plan
• Organizational remediation of identified deficiencies or issues regarding PCI DSS compliance

 Phase 4: Assessment and Reporting

• Assessment of Organizations PCI DSS Compliance
• Generation of Report on Compliance
• Issue PCI DSS v2.0 Compliance Certificate
• Submission of Report on Compliance to applicable card brands and acquirers

 Additional Services:

• Policy and Procedure development
• Internal Vulnerability and Penetration testing
• Quarterly Network Vulnerability Scans by a certified PCI ASV (ContolScan)
• Technical Remediation and Consulting, CISO On-Demand

 Resource Documents

• PCI Data Security Standard