
PCI Compliance Assessment

A PCI Compliance Assessment from The Total Connection tells you whether your business currently meets the Payment Card Industry Data Security Standard (PCI DSS). If it does not, we outline what you need to do to become compliant.

 

After our assessment is complete, you will have documented evidence that you have taken the measures required to become PCI compliant.

 

Included in the PCI Compliance Assessment:
 
PCI Policies & Procedures Document

 

Shows how to best comply with standards established by the PCI DSS.

 

PCI Risk Analysis Report
 

Identifies where cardholder data is stored electronically, how it is transmitted, and the security vulnerabilities present, and estimates the likelihood and impact of the threats facing your systems.

 

  • The Risk Analysis is the foundation for your entire security program and is itself a PCI DSS requirement (Requirement 12.2 in v3.2.1; targeted risk analyses under Requirement 12.3 in v4.0).

  • PCI DSS requires the Risk Analysis to be performed at least annually and after significant changes to the environment (for example, an acquisition, a relocation, or a major change to the cardholder data environment).

 

PCI Risk Profile Report

 

Provides streamlined interim reporting between full Risk Analyses.

 

  • Abbreviated version of the Risk Analysis.

 

PCI Risk Management Plan
 

Uses the findings from the Risk Analysis to outline tasks that must be done to minimize, avoid, or respond to current and possible risks.

 

Evidence of PCI Compliance

 

Performing PCI-compliant tasks is not enough. Auditors will ask for evidence to prove that compliant tasks have been carried out to completion.

Compliance Evidence includes:

 

  • Log files (system, firewall, and application audit logs)

  • Patch Analysis

  • User and Computer Information

  • Other source material to support your compliance activities.

 

NOTE: Retain this documentation. PCI DSS itself requires at least one year of audit log history, with the most recent three months immediately available for analysis (Requirement 10.7 in v3.2.1, 10.5.1 in v4.0); holding all compliance evidence for at least 6 years covers that requirement and any longer retention period your acquirer or assessor asks for.

 

PCI Pre-Scan Questionnaire

 

Contains a list of questions about the physical and technical security of your environment whose answers cannot be gathered automatically.

Questions regard:

 

  • How physical access to facilities is controlled

  • Firewall information

  • Application development

  • Authentication processes

  • Change management standards

 

External Port Security Worksheet
 

Documents the business justification for every port, protocol, and service allowed through the perimeter, their configurations, and any insecure services or protocols in use together with the security features implemented for them (PCI DSS Requirement 1.1.6 in v3.2.1).
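The check behind this worksheet, as an added example that is not The Total Connection's tooling: listening sockets are parsed from `ss -lntup` output and compared against the documented justifications for one server role, so that inherently insecure services, loopback-only listeners that may indicate a second primary function, and undocumented ports are surfaced. The allowlist, the `ss` output and the server role are constructed assumptions for illustration.

```python
import re

# Services whose protocol is inherently insecure (cleartext or unauthenticated);
# PCI DSS expects them removed or documented with compensating controls.
INSECURE_SERVICES = {
    ("tcp", 21): "FTP: cleartext credentials",
    ("tcp", 23): "Telnet: cleartext credentials",
    ("tcp", 512): "rexec", ("tcp", 513): "rlogin", ("tcp", 514): "rsh",
    ("udp", 69): "TFTP: no authentication",
}

# Hypothetical worksheet entries for a DMZ web server: (proto, port) -> justification.
WEB_SERVER_ALLOWLIST = {
    ("tcp", 443): "HTTPS storefront for customers",
    ("tcp", 80): "HTTP, redirect-only to HTTPS",
    ("tcp", 22): "SSH administration from the jump host only (key auth)",
}

# Constructed `ss -lntup` output for that server (not captured from a real system).
SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511    0.0.0.0:443        0.0.0.0:*         users:(("nginx",pid=1021,fd=6))
tcp   LISTEN 0      511    0.0.0.0:80         0.0.0.0:*         users:(("nginx",pid=1021,fd=5))
tcp   LISTEN 0      5      0.0.0.0:23         0.0.0.0:*         users:(("telnetd",pid=1330,fd=4))
tcp   LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*         users:(("mysqld",pid=1402,fd=20))
udp   UNCONN 0      0      0.0.0.0:161        0.0.0.0:*         users:(("snmpd",pid=900,fd=7))
"""


def parse_ss(ss_text):
    """Extract proto, local address, port and process name from `ss -lntup` lines."""
    listeners = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        addr, port = fields[4].rsplit(":", 1)  # rsplit keeps IPv6 addresses intact
        m = re.search(r'\(\("([^"]+)"', line)
        listeners.append({"proto": fields[0], "addr": addr, "port": int(port),
                          "process": m.group(1) if m else "?"})
    return listeners


def review_listeners(ss_text, allowlist):
    """Classify each listener against the worksheet: insecure, local-only,
    justified, or unjustified. Insecure wins even if the port is allowlisted."""
    findings = []
    for l in parse_ss(ss_text):
        key = (l["proto"], l["port"])
        if key in INSECURE_SERVICES:
            status, note = "insecure", INSECURE_SERVICES[key]
        elif l["addr"].startswith(("127.", "::1", "[::1]")):
            status, note = "local-only", "loopback only; confirm it belongs to this server's primary function"
        elif key in allowlist:
            status, note = "justified", allowlist[key]
        else:
            status, note = "unjustified", "no documented justification; close the port or document it"
        findings.append({**l, "status": status, "note": note})
    return findings


def worksheet_gaps(findings):
    """Listeners the worksheet cannot sign off on as-is."""
    return [f for f in findings if f["status"] in ("insecure", "unjustified")]


if __name__ == "__main__":
    for f in review_listeners(SS_OUTPUT, WEB_SERVER_ALLOWLIST):
        print(f"{f['proto']}/{f['port']:<5} {f['process']:<8} {f['status']:<12} {f['note']}")
```

On the sample, telnet on 23/tcp and SNMP on 161/udp are the two gaps; the loopback-bound mysqld is not externally exposed but is worth a line on the Server Function worksheet, since a database on a web server is a second primary function.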

 

Cardholder Data Environment ID Worksheet
 

Identifies the devices that store or have access to cardholder data.

  • Helps businesses develop better data management strategies.

 

Server Function ID Worksheet
 

Allows us to document server roles (web server, database server, DNS server, etc.) and the functions activated on each server (real/physical or virtual) within the Cardholder Data Environment (CDE).

 

  • PCI DSS Requirement 2.2.1 (v3.2.1) allows only one primary function per server, so that functions requiring different security levels (for example, a web server and a database server) do not co-exist on the same system; with virtualization this means one primary function per virtual system component. PCI DSS v4.0 (Requirement 2.2.3) additionally permits co-located functions only if they are isolated from each other.

 

User Identification Worksheet
 

Determines if unauthorized users have access to protected information.

 

  • Identifies whether a user is an employee or vendor.

  • Users who should have had their access terminated can also be identified.

 

Necessary Functions Worksheet
 

Presents startup applications, services, and other functions for each server in the Cardholder Data Environment (CDE).

 

  • Allows us to identify functions which are unnecessary for the server to fulfill its primary function.

 

Antivirus Capability ID Worksheet

 

Presents the features and capabilities of the antivirus software deployed on computers throughout the network, both inside and outside the Cardholder Data Environment (CDE).

 

PAN Scan Verification Worksheet
 

Confirms whether each number flagged by the scan is a genuine primary account number (PAN) rather than an unrelated digit string such as an order number or device serial, so that only real cardholder data is included in scoping and remediation.
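The verification itself, as an added example that is not The Total Connection's scanner: candidate digit runs are extracted from text, checked with the Luhn mod-10 algorithm, and then matched against issuer prefix and length rules, since a Luhn-valid number with no issuer prefix (a serial number, for instance) is still not a PAN. The brand table is a deliberately simplified assumption, and the sample text is constructed from published test card numbers, not real data.

```python
import re

# Candidate PANs: 13-19 digits, optionally separated by single spaces or hyphens,
# not embedded in a longer digit run.
CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Simplified issuer prefix and length rules for the major brands (assumption:
# enough to demonstrate the check, not a complete BIN table).
BRANDS = [
    ("Visa", re.compile(r"^4"), {13, 16, 19}),
    ("Mastercard", re.compile(r"^(5[1-5]|222[1-9]|22[3-9]|2[3-6]|27[01]|2720)"), {16}),
    ("American Express", re.compile(r"^3[47]"), {15}),
    ("Discover", re.compile(r"^(6011|65|64[4-9])"), {16, 19}),
]

# Constructed sample of an export file; the card values are public test numbers.
SAMPLE_TEXT = """\
2024-03-01 order=1234567812345678 cust=alice card=4111 1111 1111 1111 status=ok
2024-03-01 refund card=378282246310005 amount=12.50
2024-03-02 device serial=9999999999999995 card=5555-5555-5555-4444
2024-03-02 card=4111111111111112 status=declined
"""


def luhn_valid(digits: str) -> bool:
    """Luhn (mod 10) check: every second digit from the right is doubled,
    doubled values above 9 have 9 subtracted, and the sum must be divisible by 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def brand_of(digits: str):
    """Return the issuing brand if both prefix and length match, else None."""
    for name, prefix, lengths in BRANDS:
        if prefix.match(digits) and len(digits) in lengths:
            return name
    return None


def mask_pan(digits: str) -> str:
    """Display mask PCI DSS permits: at most the first six and last four digits."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scan_for_pans(text: str):
    """Find candidate numbers and report whether each verifies as a real PAN.
    Only the masked form is kept so the report itself is not cardholder data."""
    results = []
    for m in CANDIDATE_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        luhn = luhn_valid(digits)
        brand = brand_of(digits) if luhn else None
        results.append({
            "masked": mask_pan(digits),
            "length": len(digits),
            "luhn": luhn,
            "brand": brand,
            "verified": brand is not None,
        })
    return results


if __name__ == "__main__":
    for r in scan_for_pans(SAMPLE_TEXT):
        print(f"{r['masked']:<22} len={r['length']:<2} luhn={r['luhn']!s:<5} "
              f"brand={r['brand']} verified={r['verified']}")
```

On the sample, six candidates are found and three verify: the order number fails Luhn, the serial 9999999999999995 passes Luhn but matches no issuer, and the declined card fails Luhn because its last digit was altered. The report stores only masked values, which is what you want in any artifact that will itself be kept as compliance evidence.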

 

Compensating Controls Worksheet
 

Shows the requirements that cannot be met as written and the compensating controls that may be put in place instead.

 

  • PCI DSS allows a compensating control only where a requirement cannot be met because of a legitimate technical or documented business constraint. The control must meet the intent and rigor of the original requirement and sufficiently offset the risk, and each one must be documented on a Compensating Controls Worksheet and re-validated at every assessment (PCI DSS v3.2.1 Appendices B and C).

 

PCI Layer 2/3 Diagram
 

Shows the various components discovered along with their Layer 2 and Layer 3 connections.

  • Systems and devices that are part of the Cardholder Data Environment (CDE) are highlighted.

  • A current network diagram showing all connections between the CDE and other networks, together with a diagram of cardholder data flows across systems and networks, is required by PCI DSS (Requirements 1.1.2 and 1.1.3 in v3.2.1; 1.2.3 and 1.2.4 in v4.0).

 
