7 Step Process

Privity is committed to helping your organization meet its compliance obligations. This seven-step overview outlines the methodology we use to achieve compliance quickly and cost-effectively. The steps are independent of one another and are contingent on your needs. They can be combined as desired, provided that the Scoping phase is redone before commencing additional steps.

STEP 2: Scoping

The most important exercise at the beginning of any PCI project is to have a QSA conduct detailed scoping, since all of the identified systems and devices need to be protected in accordance with the standard.

Privity breaks the scope into three distinct areas: Primary, Peripheral, and Administrative. Primary Scope is determined by mapping card data flows against the physical and logical network diagrams and documenting the affected systems. Peripheral Scope includes all adjacent systems, while Administrative Scope documents all the zones and systems with direct access to the Primary and Peripheral Scope systems. Together, they comprise your overall scope.