Cardholder Data Discovery

Often, the first challenge in identifying the proper scope for PCI compliance initiatives is determining where credit card data is currently being stored or transmitted throughout the IT environment.

Halock will utilize data discovery software to scan systems for credit card information (and optionally for other kinds of sensitive data - ePHI, PII, and so on).

Once all credit card information has been identified, appropriate decisions can be made by your organization to eliminate the data, move it into a secured area, or leave it as is. Once cardholder data consolidation is complete, it will be possible to establish an appropriate scope for PCI compliance efforts, which will include all systems storing, processing or transmitting cardholder data, as well as any connected systems (those not separated from cardholder related systems by a firewall).

Halock will interview appropriate IT and management personnel at your organization to identify the most likely locations where cardholder data is known to be stored. Working with your organization Halock will determine an appropriate sampling basis for data discovery efforts, identify databases to be included in the scope of cardholder data discovery, and obtain an export of database contents in a text-searchable format. Upon completion, Halock will create a report summarizing the type and locations of all sensitive data discovered and provide guidance regarding possible means of securing, consolidating or eliminating the discovered data in order to control the scope of PCI compliance efforts