Card data protection Review and Rescue

We helped our client enhance governance, improve planning, identify key risks and define their path back to ‘Green’

The challenge

This UK card merchant and issuer had to enhance the protection of its customers' card data. It launched a programme tasked with delivering the wide range of technical and operational changes required to meet the PCI DSS compliance standard.

The programme had failed to meet key milestones and was reporting as ‘Red’. Further, an internal assurance review identified significant weaknesses across the programme and raised concerns about its ability to deliver successfully. The programme required a turnaround.

Our approach

PEN deployed a small team to focus on:

  • Enhancing the programme governance
  • Improving programme planning
  • Identifying key risks and gaps
  • Defining the path back to ‘Green’

In addition to recovering the programme, we fulfilled a number of implementation roles required to assure delivery, as well as mobilising a key element of ‘business and operational readiness’.

The outcome

We delivered:

  • Changes to the Executive ownership and governance processes
  • Programme Restructure (around key transition states)
  • Renewed planning (including developing a plan to restore the programme’s risk status)
  • Definition of Target Operating Model
  • Mobilisation of Business and Operational Readiness

Rapid diagnosis of the key issues, identification of the most effective solutions and deployment of our recommendations prevented the programme from slipping further and provided the stability and momentum to take it forward.