PCI Compliance Gap Analysis

Services most clients purchase before

PCI Security Policies

Services most clients purchase after


Top 10 Tips for PCI Compliance

A PCI Compliance Gap Analysis is usually the very first step you take

Zen & the Art of PCI Compliance

Guide to your journey to PCI Compliance

Need some help?

Speak to the Risk Factory Foreman, and he'll tell you everything you need to know.

Call us on 0800 978 8139

Quote details

What is it?

A PCI Compliance Gap Analysis is usually the very first step you take to understand your current compliance status. It provides a detailed comparison of what your business is currently doing against what it should be doing to be compliant to the PCI DSS regulation. The analysis reviews the current security controls you already have in place to protect cardholder data against the specific controls required by the PCI DSS. In essence it identifies the “gap” that needs to be addressed in order to become compliant.

Why should I do it?

To quickly understand your current compliance status and exactly how much work you need to do in order to become fully compliant. The outcome will be a prioritised list of things to do and is also critical for determining compliance timelines, budgeting and project management challenges.

How often should I do it?

It only needs to be done once.

What will Risk Factory do?

  • Conduct an on-site analysis of your current operations and controls against those required for compliance to the PCI DSS V3.
  • Interview your business key compliance stakeholders and confirm the evidence produced by your operations and controls against that required by the PCI DSS.
  • Conduct an Approved Scanning Vendor (ASV) technology vulnerability assessment of your existing exterior-facing IP addresses associated with your Cardholder Data Environment (CDE).
  • Analyse the findings and produce a detailed report identifying the existing gap between your operations and controls and those required for compliance to PCI DSS V3.
  • Produce a prioritised list of activities for your business to undertake to obtain compliance.

 What will I receive?

  • A comprehensive gap analysis against PCI DSS V3 and report of findings indicating your existing compliance status. To see a sample report, just contact the Risk Factory Foreman.
  • A draft project management plan detailing the specific actions required for compliance in order of significance and with data fields allotted to budget, resource and completion dates to help you manage your compliance program efforts.
  • Two weeks of on call (telephonic) support from an information security compliance consultant to answer any questions you may have regarding your road map to compliance.

Do I need to do anything in advance?

After placing the order with us, you will need to speak with our Factory Foreman to schedule the onsite work and identify the businesses key compliance stakeholders (managing director or operations director, finance director, human resource manager, IT director and information security or compliance manager) to be interviewed in the analysis. Our Factory Foreman is standing by to help you.