
Case Study

PCI Scope Redefinition and ROC Reporting for Global Services Organisation

The client

The UK operation of an international services organisation that provides home emergency insurance cover and repairs covering heating, drainage, plumbing and electrics.

The work

We were engaged to review the scope of the client’s payment services against the PCI DSS Standard, as the client was changing their environment and wanted to have a Report on Compliance (ROC) prepared, instead of a Self-Assessment Questionnaire (SAQ), to give them added comfort that they had been independently assessed by a Qualified Security Assessor (QSA).

The work was planned as a scoping exercise to determine their Card Data Environment (CDE) for the new environment being implemented, followed by a formal assessment and ROC report.

How we helped

Having reviewed the CDE, we identified that its scope was broader than the client had understood, and we recommended accelerating planned outsourcing to third parties to reduce the touchpoints where card payments were processed. These changes were implemented in time for their annual assessment and enabled a compliant ROC to be prepared.

Value added

Our knowledge of the PCI DSS standard, combined with options to reduce the scope of the CDE, and use third-party suppliers to assist, allowed the client to streamline their processes, simplify their scope and ease the effort in achieving and maintaining PCI compliance.
