The accurate Scoping and Documentation of Cardholder Data Environments is critical to a project’s success.
Any system that stores, processes or transmits Cardholder Data post-authorisation is in scope for PCI DSS v1.2. This also applies to any 3rd party, contractor or Service Provider who may have access to such systems (directly or indirectly), or who manages all or part of a Cardholder Data Environment.

Flat networks are a common find for a Qualified Security Assessor (QSA), and even systems not involved with Cardholder Data will end up ‘in scope’ if they are physically, logically or remotely connected to a Cardholder Data Environment.
It is important to consider all possibilities and uncover all parts of a business that may be, or have been, involved with Cardholder Data.
Blackfoot do this through Scoping workshops in order to obtain:
- Business role with payment cards
- Network diagrams
- Maps of Cardholder Data flow
- Description of Cardholder Data Environment
- Details of wireless networks
- List of 3rd parties and service providers involved with cardholder data
- Details of pre- and post-authorisation processes
Detailed Scoping documentation prepared and maintained at an early stage will ensure there are no surprises later on.
