Created with Sketch.
  • Make a Payment
    • Breached?
    Contact us

    PCI DSS Compliance
    Payment Card Industry Data Security Standard

    Deliver sound risk management practices, internal control systems and compliance frameworks.

    Successfully obtaining and maintaining Payment Card Industry Data Security Standard (PCI DSS) compliance can sometimes be a monumental effort between several business processes across a variety of business units, encompassing both manual and automated procedures that involve an array of systems and personnel throughout the organization.

    Download our PCI DSS Service Overview

    As a certified Qualified Security Assessor (QSA), Schneider Downs is equipped to assist clients with their PCI compliance journey from the initial scoping and/or reduction of their cardholder data environment (CDE), gap/readiness assessments, and formal examinations resulting in a completed Self-Assessment Questionnaire (SAQ) or Report on Compliance (ROC) and accompanying Attestation of Compliance (AOC). In addition, the Schneider Downs Cybersecurity team provides several services pertinent to PCI DSS compliance, including penetration testing and segmentation testing.

    Based on published guidance and experience, the Schneider Downs team developed a five-phase approach to achieving an effective PCI compliance program with each phase following a clear, concise framework designed to deliver value to our clients.

    Phase I – Awareness and Project Support

    Develop the awareness of PCI compliance requirements and the related consequences of non-compliance at the senior management level.

    Phase II – Inventory and Dataflow

    Inventory and document the flow of credit card information throughout the organization’s various processes, including data origination, data in motion, data at rest and data in use. During the credit card information lifecycle assessment, we will utilize the following attributes associated with the flow of credit card data:

    • Data origination: The methods for initiation of credit card transactions throughout the organization including identifying the electronic and manual methods used to accept credit card information.
    • Data in Motion: Map the flow of the credit card information throughout the organization either in paper or electronic form to identify an inventory of all technology components that are instrumental in the transportation, processing and routing of the credit card information.
    • Data at Rest: Identify throughout the organization where credit card information is stored and the format (paper, electronic) of the data.
    • Data in Use: Develop a list of personnel that can access or utilize the credit card information.

    Phase III – Design and Scoping

    Begin to formulate our strategic IT architecture and process design recommendations that will limit the areas of the network that fall within the scope of the PCI compliance effort.

    Phase IV – Reporting and Remediation Roadmap

    Prepare an executive-level report detailing the results of our analysis designed to provide a realistic understanding of the current state of your control environment and the risk associated with each of the identified weaknesses or gaps.

    Phase V – Sustainment and Governance

    Provide recommendations that would enhance your compliance governance structure and embed controls in your ongoing processes that will address key security and control activities into operational processes, helping make PCI a core organizational competency. 

    Our approach can be tailored to meet the existing needs of, and the current task being undertaken by your organization.

    About Schneider Downs IT Risk Advisory 

    Schneider Downs’ team of experienced risk advisory professionals focus on collaborating with your organization to identify and effectively mitigate risks. Our goal is to understand not only the risks related to potential loss to the organization, but to drive solutions that add value to your organization and advise on opportunities to ensure minimal disruption to your business.  

    To learn more, visit our dedicated IT Risk Advisory page. 

    IT Risk Advisory Resources

    View our additional IT Risk Advisory services and capabilities

    Learn More
    Contact Us

    Our Thoughts On

    Postcard from 2024 ISACA PGH

    What were the hot topics at the 11th Annual Pittsburgh Information Security Awareness Day? The ISACA Pittsburgh chapter held their…

    Read More >
    Cybersecurity Awareness Month is Over...Now What?

    As October comes to an end, so does Cybersecurity Awareness Month. However, that doesn’t mean our focus on security awareness…

    Read More >
    Two Truths and a Lie About Cybersecurity: Purple Teaming

    Let’s play a game! Two truths and a lie about Purple Teaming.In support of Cybersecurity Awareness Month, we are examining…

    Read More >
    Two Truths and a Lie About Cybersecurity: Cyber Governance

    Let’s play a game! Two truths and a lie about Cybersecurity Governance.In support of Cybersecurity Awareness Month, we are examining…

    Read More >
    Two Truths and a Lie About Cybersecurity: Cyber Insurance

    Let’s play a game! Two truths and a lie about Cyber Insurance.In support of Cybersecurity Awareness Month, we are examining…

    Read More >
    Subscribe For Updates

    Receive all the latest insights and industry tips.

    This field is for validation purposes and should be left unchanged.
    Email us: [email protected]
    Follow Us:
    Facebook-f Linkedin-in

    Office Locations

    Pittsburgh

    One PPG Place,
    Suite 1700
    Pittsburgh, PA 15222

    p:
    412.261.3644
    f:
    412.261.4876
    Columbus

    65 East State Street,
    Suite 2000
    Columbus, OH 43215

    p:
    614.621.4060
    f:
    614.621.4062
    Metropolitan Washington

    1660 International Drive,
    Suite 600
    McLean, VA 22102

    p:
    571.380.9003

    Links

    Inside Public Accounting Best of the Best 2024
    Accounting Today Top 100 2024
    Accounting Today Regional Leaders
    Best Of Accounting Diamond Award

    Schneider Downs is a Top 60 independent Certified Public Accounting (CPA) firm providing accounting, tax, audit and business advisory services to public and private companies, not-for-profit organizations and global companies. We also offer Internal Audit; Technology Consulting; Software Solutions; Personal Financial Services; Retirement Plan Solutions and Corporate Finance Services. Schneider Downs is the 13th largest accounting firm in the Mid-Atlantic region and serves individuals and companies in Pennsylvania (PA), Ohio (OH), West Virginia (WV), New York (NY), Maryland (MD), and additional states in the United States with offices in Pittsburgh, PA, Columbus, OH, and McLean, VA.

    © 2024 Schneider Downs & Co., Inc. Maryland license number 35239.

    Breached?

    Every moment counts. For urgent requests, contact the Schneider Downs digital forensics and incident response team at 1-800-993-8937. For all other requests, please complete the form below.

    "*" indicates required fields

    This field is for validation purposes and should be left unchanged.