The RSM SCORE program supports your organization through the entire PCI compliance lifecycle to help you build repeatable, consistent processes for achieving and maintaining compliance. This methodology is intended to be cyclical, as moving through the phases promotes program maturity and transitions compliance efforts to a more managed, automated and measurable state. In addition, routinely validating scope and aligning organizational components can help you identify new opportunities for optimization. This approach is scalable for organizations of any size, compliance footprint and maturity level.
PCI SCORE phases include:
S – Scope evaluation: The PCI DSS calls for scope evaluation on an annual basis. We can help you understand how and where you process, transmit and store credit card data, as well as how connected systems may affect the scope of your PCI compliance. The scope evaluation will give you a better understanding of what your PCI assessment will entail, which Self-Assessment Questionnaire will apply, and whether you are required to complete a Report on Compliance.
C – Collaborative remediation: We identify gaps, help reduce their scope and advise you on remediation strategies, working with your team to support efficiency and consistency.
O – Organizational alignment: This phase is essential to maintaining a mature PCI program. The goal is to remove organizational silos and create cohesiveness across business functions. To this end, our team provides input on roles and responsibilities, and helps you outline an overarching compliance strategy encompassing your entire regulatory footprint (e.g., PCI standards, privacy regulations, and other federal and state laws).
R – Reporting compliance: In addition to helping you report initial compliance, we guide you in establishing a process to maintain and monitor compliance on an ongoing basis. We assist with developing internal reporting and oversight to establish a strong compliance reporting framework. We also help you lay the foundation for continual compliance, such as using dashboards for ongoing monitoring and consistent validation of controls.
E – Evolving maturity: The final SCORE phase involves cultivating the ability to demonstrate compliance at any time of year and to adapt to evolving hardware, software and business requirements. This may include leveraging a governance, risk management and compliance (GRC) integration, or an audit management solution, to automate and centralize responses to regulatory compliance requests. These efforts help integrate compliance into routine business processes and continually mature your compliance program.