Defining the scope and PCI DSS documentation developing

• Determining the scope of PCI DSS standard
• Providing recommendations on the organization and construction of an information system in accordance with PCI DSS standard requirements
• Developing the necessary top-level management documentation (policy) for managing IT / IS processes in accordance with PCI DSS standard

Implementing information security processes to ensure compliance with PCI DSS requirements

• Implementing IT / IS processes to meet the requirements of PCI DSS standard
• Risk assessment
• Development of mid-level documentation for managing IT / IS processes
• Conducting staff training for PCI DSS requirements

Periodic technical activities according to the PCI DSS standard

• Wi-Fi Network Scan – quarterly
• Network segmentation test – twice a year
• Internal Vulnerability Scanning – quarterly
• External ASV Vulnerability Scan – quarterly
• Internal review of compliance with the requirements of PCI DSS – quarterly

Security assessment (conducting a penetration test) of an information system within the scope of the PCI DSS standard

• External penetration test – once a year
• Internal penetration test – once a year
• Vulnerability assessment and attack modelling on WI-FI – once a year