Gap analysis
PCI certifications
PCI Gap Analysis is a preliminary audit that allows an organization to assess its level of compliance with specific standards, such as PCI DSS. This service simulates the full certification process, enabling organizations to understand the requirements, the auditor’s approach, and the challenges associated with certification.
A PCI Gap Analysis identifies areas needing improvement, providing tailored recommendations specific to the organization’s environment. This is the first step towards PCI DSS certification.

How can we help you?
Understanding the requirements of standards like PCI DSS is crucial for effective compliance management and preparing for certification. A PCI Gap Analysis is the first step in this journey – like taking the first driving lesson before your driver’s test. During the analysis, we explain what PCI DSS is, its significance, and how it applies to your organization's operations.
Throughout this process, we debunk myths surrounding PCI DSS requirements, highlight key areas for improvement, and increase your employees' awareness of security practices. The PCI Gap Analysis ends with a discussion of solutions that will not only help you achieve compliance but also significantly enhance your organization’s security. The result? A better understanding of the standard, effective compliance management, and a solid foundation for protecting data and adapting to future changes.
How will we work with you?
Stage 1: Defining the Scope of PCI DSS Certification
We start by defining the scope of your PCI DSS certification. Together, we will determine the scope that not only meets your business objectives but also helps minimize future costs related to maintaining PCI DSS compliance.
Stage 2: PCI Gap Analysis
This step is optional and works best for new clients who are uncertain about their readiness for a certification audit. During the PCI Gap Analysis, we simulate the certification audit, pointing out non-compliance areas and opportunities for improvement, and we provide solutions for overcoming the challenges we find. The result is a full picture of what needs to be improved before you commit to full certification.
Stage 3: Reporting
At the end of the process, we will provide two reports. The first is a detailed report outlining all observations, non-compliance issues, and discrepancies. The second is a high-level presentation summarizing your overall compliance. After these reports and presentations, we will leave you to analyze and reflect on the data to determine your next steps.
Stage 4: Consulting for PCI DSS Certification
We will guide you through the certification process, providing answers to your questions and helping you resolve any doubts. From experience, we know that it's more efficient to work with an experienced partner rather than trying to find the answers yourself.
Gap analysis
A Gap Analysis is a combination of on-site and remote activities aimed at confirming a client's compliance with a given standard from the PCI family. The analysis consists of three key elements and one optional element:
Interviews with Personnel: Before the audit, you will receive an agenda and a list of topics we will discuss with your staff or suppliers. These interviews aim to better understand your organization, its responsibilities, and the methods used to manage the cardholder data environment.
Configuration Review: The next step involves reviewing and verifying the configuration of your environment. We will ask your staff to demonstrate the configuration of systems, devices, tools, and other elements such as access control systems or alarm systems. During this review, we will often request audit evidence to be collected.
Management Process Review: This step involves reviewing the processes used to manage your cardholder data environment. We will request change logs, evidence of log reviews, and documentation of patching sessions, among other things.
Documentation Review: This is the optional step, and it is often conducted remotely. We will ask you for a list of documents describing your cardholder data environment, network diagrams, policies, and procedures. Remember that these documents must be up to date, meaning the date of their last review must not be older than 12 months.
After the PCI Gap Analysis, we will provide you with a complete set of observations, documents, and evidence in a single document called a tracker. The purpose of the tracker is to collect all the necessary evidence and documentation so we can start working on the final compliance report.
Don't buy a pig in a poke - request a free consultation and check how we can assist you.
