PCI DSS HEALTH CHECK

What is a PCI DSS health check?

LRQA Nettitude’s PCI DSS health check service helps organisations to always maintain compliance. We help you to avoid unexpected issues and costs at the time of your annual assessment.

Organisations often take the view that PCI DSS assessments are project-like in nature: an activity completed once a year. Following a successful assessment, this view often results in teams ‘taking their foot off the pedal’ and neglecting to maintain the business-as-usual processes required by the standard. This can not only leave you out of compliance and needing to remediate urgently, but can also lead to financial penalties, more expensive audits and, most troubling of all, an increased risk of a credit card data breach.

Why Is This A Problem?

The challenge with PCI DSS is that it needs to be in place 365 days of the year. It is common for organisations to find that, during their annual assessment, their Qualified Security Assessor (QSA) raises problems that could have been avoided with strong business-as-usual processes. This means there is a risk that a requirement is found not to be in place, resulting in a non-compliant outcome or a prolonged assessment period to allow for remediation. Merchants who fall out of compliance will also need to tell their acquiring bank and face an increased risk of non-compliance charges.

Why Perform A PCI Health Check?

A regular and proactive health check can save you money and reduce the risk of a breach of cardholder data. If you’re found to be non-compliant during your annual assessment, your QSA company will probably have to charge you for additional time to complete the assessment. You’ll also need to prioritise remediation and allocate resources to this, which can negatively impact other areas of your organisation. If you’re a service provider, your non-compliance automatically cascades down to your clients, and you may even be in breach of contract.

Benefits Of A PCI Health Check

Our PCI DSS health check service helps you to monitor compliance and ensure that your ongoing PCI DSS obligations are being met. This helps you to:

  • Reduce the risk of a non-compliant annual assessment
  • Demonstrate ongoing compliance with PCI DSS throughout the year
  • Minimise costs associated with unexpected remediation efforts
  • Reduce the likelihood of non-compliance charges from an acquiring bank
  • Identify compliance issues proactively
  • Ensure your PCI DSS compliance regime updates as changes in your organisation occur
  • Maximise the return on investment in activities such as vulnerability scanning and penetration testing

How Can LRQA Nettitude Help?

We recommend you review your PCI DSS status on at least a quarterly basis as part of your PCI compliance management strategy. In support of this, our PCI DSS health check service can be used on an ongoing basis throughout the year. We can also provide a one-off review to check your current status.

Frequently Asked Questions about Data Privacy Security

What is an incident response policy?

An incident response plan or policy is a process you create before you experience a cyberattack, so that your team has a procedure to follow when you do experience a data breach. LRQA Nettitude follows the CREST Cybersecurity Incident Response process, which is broken down into 3 phases: preparation, response, and follow-up. Having a breach plan gives you the confidence to quickly nullify any threat to your data privacy security.

Why is data privacy security important?

Although it has always been important, the implications of and need for higher security are coming into play now that technology is indispensable to everyday life. Using apps, browsing websites, and shopping online are all examples of how your data is stored and managed online. For organisations today, the threat of cyber theft is a pertinent one. Having comprehensive data privacy plans in place can reduce and mitigate the risks of such events.

Does LRQA Nettitude practice sustainability?

As a company with a global footprint, sustainability is an area of importance to us. We are a registered ‘Investor in People’ organisation. Taking a cue from ISO 14001, we have strong sustainability practices in place. Our organisation also hires fairly and equally, across gender and race. By working with us, you can rest assured that we implement data privacy security measures with ethics at the core of our mission.

Get in touch via the form below and get a free quote from us for our Red Team Security Testing services.