PCI DSS Readiness
Merchant-focused PCI DSS readiness covering scope determination, SAQ selection (A, A-EP, D), control gap analysis, ASV scan coordination, and evidence package preparation so you arrive at QSA assessment ready.
How it runs
- 01 Scope & CDE Determination
  Map all systems, processes, and people that store, process, or transmit cardholder data. Define the cardholder data environment and identify connected systems within scope.
- 02 SAQ Selection
  Determine the correct SAQ based on payment acceptance channels: SAQ A for fully outsourced e-commerce, A-EP for redirect or iframe with merchant-controlled site, D for everything else.
- 03 Control Gap Analysis
  Assess current controls against the relevant PCI DSS v4.0 requirements. Document gaps, customised controls where applicable, and the evidence each control will need.
- 04 ASV Scan Coordination
  Coordinate quarterly external vulnerability scans by an Approved Scanning Vendor. Triage results, drive remediation, and obtain a passing scan report ahead of assessment.
- 05 Evidence Package Preparation
  Build the evidence package: policies, procedures, configuration baselines, network diagrams, data flow diagrams, training records, and operational artefacts mapped to each requirement.
- 06 QSA-Ready Handoff
  Deliver a clean readiness package, walk through it with internal stakeholders, and support the QSA assessment with clarifications and evidence as the formal assessment progresses.
What you receive
- Cardholder data environment scope document
- SAQ selection rationale and worksheet
- Control gap analysis with remediation plan
- Network and data flow diagrams
- Coordinated ASV scan with passing report
- Evidence package mapped to PCI DSS v4.0
- QSA-ready readiness pack and walkthrough
Ready to scope this engagement?
Every engagement is scoped individually. Get a tailored quote within 24 hours.