When it comes to your PCI DSS compliance report, there are four main steps in the auditing process.
Step 1: Planning & Readiness
Communication is essential in completing a PCI audit, and it starts in the planning process. Our planning begins with a kickoff call. The kickoff call is used to make introductions and identify key players and points of contact. We also begin the process of understanding the services on which we will be providing an opinion. Where a readiness assessment has been requested, we establish the dates for the readiness work (for first-time PCI assessments) and/or fieldwork (for recurring clients). In readiness, we assess the data flow of the services, identify controls, and provide a gap analysis of controls that may need implementation or improvement. The planning and readiness process is critical to establishing the open communication that makes the PCI reporting process as efficient as possible.
Step 2: Preparation
Once the audit plan is established, we create the request list of support items needed in our secure online dashboard, in preparation for the testing phase and in coordination with you. Between the establishment of the audit plan and the testing, your team starts compiling your supporting documentation and uploading it to the secure online portal. Remember, we are there to help, so we invite open communication if you have any questions. This preparation is essential to an efficient and effective audit experience.
Step 3: Testing
Testing and gathering evidence is the core part of any compliance engagement. Based on the information gathered during the Planning & Preparation stages, evidence will be gathered to meet the objectives discussed. We believe that timely communication is key to this process and to building trust with you, our client.
Step 4: Reporting
After the testing and internal reviews are completed, a draft report is issued for management's review. Any changes by management are processed and the final report is issued.