PCI DSS v4.0.1 · Readiness assessment

Most of PCI DSS
doesn't apply to you.
Find out which part does.

The standard has 250 controls. Almost nobody has to meet all of them — but until someone tells you which ones you can rule out, and why, you're guessing at the size of your own problem.

InitialEyes gives you the first look: a scoped, evidence-backed picture of where you stand, what's actually broken, and the order to fix it in. Fixed fee, one week.

250 / 250
Controls
in scope

Tell it about your business

Nothing selected — assume everything applies. Switch on what's true of you.

The engagement

Three steps, about a week.

STEP 01

Scope

We establish what's actually in your cardholder data environment — and put in writing which controls don't apply to you, with the reason for each exclusion. An unexplained "not applicable" is the first thing an assessor will challenge.

STEP 02

Assess

We review your environment against every control that remains: configuration, access, logging, encryption, policy. Passive review by default. Anything active happens only with your written authorization.

STEP 03

Report

You get a readiness score, every gap ranked by severity, and a phased remediation plan your team can execute against. Written to be handed to a board, an acquirer, or an engineer — not to impress you with jargon.

The deliverable

What lands in your inbox.

A single PDF. No portal to log into, no seat licence, no upsell.

Straight answer

You may not need us.

If you're a small merchant who has fully outsourced payments to a hosted gateway and never touches a card number, your obligation may be a short self-assessment questionnaire you can complete yourself in an afternoon. We'll tell you that for free, and we'll tell you which SAQ it is.

Where we earn our fee is the messy middle: you take payments online, you've got some AWS infrastructure that grew organically, nobody's certain whether card data has ended up in a log or a spreadsheet, and your acquirer is now asking questions. That's the problem worth paying to have looked at properly.