A cardholder data breach is a traumatic experience for any organisation. First, there is the initial fine levied by the card schemes through your acquiring bank to deal with. Then comes the PCI Forensic Investigation (PFI) process to determine the technical cause of the breach. Finally, because all entities that have suffered a cardholder data breach are promoted to a Level 1 merchant or service provider, a formal PCI DSS assessment led by a Qualified Security Assessor (QSA) must be conducted.
One Compliance QSAs have a wealth of experience in post-breach PCI DSS assessment. We can help you negotiate the proper scope of what should be assessed, recommend appropriate strategies to reduce the scope and risk of your environment, provide template policies and procedures so you have all the required documentation to support your compliance programme, and take a great deal of the pain out of this unpleasant process.
If you have suffered a cardholder data breach and gone through the pain of a PCI Forensic Investigation, contact us to see how we can help you with your post-breach PCI DSS assessment.