We offer a wide range of services related to PCI DSS

We, NTT DATA INTELLILINK Corporation, are both a "security specialist" and a "certified audit organization". Starting from auditing based on the original framework of PCI DSS to the latest version 4.0, we provide optimal proposals for each client, from "consulting" to "solutions," to "accreditation audits," and "maintenance support."


Image of Total Three Services

Trust us for any work concerning PCI DSS!

Our experienced team of professionals, including expert QSAs, provides consistent support throughout the four processes.

"Consulting" - Understanding the status and formulating a plan

Through our PCI DSS compliance support consulting service, we provide total support from planning to final confirmation before audit by leveraging our experience and know-how of on-site PCI DSS audits as a QSA . This helps our clients to appropriately comply with the requirements of PCI DSS by following an optimal plan. Of course, we also provide partial services.

Details of Consulting Services

Compliance planning support
  • Support for overall planning based on the current staffing plans, development/operation status, system upgrades, budgets, etc.
Gap Analysis
  • Assessing the current status and identifying areas of non-compliance to PCI DSS using the same methods and points as for the main audit
  • Conducting Gap Analysis focusing on requirements added or changed in Version 4.0
  • Web application diagnostics
    Vulnerability assessment and problem identification for public web applications
  • Wireless Scanning
    Identification testing of wireless devices from wireless analyzers and internal networks
  • Vulnerability Scanning
    Internal and external network vulnerability scanning
  • Penetration Test
    Penetration testing is performed for the network as well as application layer. We conduct simulated attacks to comprehensively identify weaknesses that cannot be found by vulnerability scans.
Assistance in formulating corrective action plans
  • When a corrective action plan is to be developed for the areas of non-compliance identified in the gap analysis, we evaluate whether the corrective measures are appropriate, insufficient or excessive
Evaluation of implemented countermeasures
  • We check whether the measures have been implemented as planned

Improvement actions "Solutions"

We offer various solutions to address the issues identified in gap analysis and testing of systems.

Details of solutions service

Solution Diagram for PCI DSS Objectives and Challenges

Examination and reporting for "Accreditation Audits"

As a QSA, we conduct on-site audits required to verify compliance to PCI DSS.
We offer maintenance support service wherein we check the daily compliance status and assist in early detection and resolution of problems.

Details of accreditation audit service

Final assessment
  • Verification of scope
    Verifying the scope of the on-site PCI DSS audit by understanding the network diagram and the nature of your business
  • Interview
    Answer oral questions to understand your business and verify compliance with PCI DSS requirements
  • Document verification
    Verification of documented procedures, standard documents, policy documents, records on the system, various control books, etc.
  • Examination of equipment configuration
    Visual on-screen confirmation of settings for servers, network devices, etc.
  • Observation
    On-site inspection of facilities and operational processes for system development, operations, business locations and data centers
  • Report submission
    We prepare and submit the audit results, which contain a record of the items confirmed throughout the audit, in accordance with the format prescribed by the PCI SSC. We issue a signed Attestation of Compliance (AOC).
Post-audit support
  • If non-conformities are found in the audit, we assess the status of corrective actions taken and reflect the same in the report
Certificate issued
- Option -

We offer a "preliminary examination" to prepare for the main examination, a "debriefing session" after the main examination, and an optional "re-examination" in the unlikely event that the applicant fails the main examination.
We also provide "PCI PIN Security Compliance Support Services" for the secure management, processing, and transmission of PINs for payment transactions required at ATMs and POS machines and "P2PE Compliance Support Services" for P2PE solution providers and P2PE application vendors.

"Maintenance Assistance" under post-audit support

Even after compliance with PCI DSS is confirmed, it is not easy to maintain compliance as daily operations, system specifications, personnel, and many other things change.
Compliance needs to be reviewed once each year. In maintenance support, we conduct routine tests and gap analysis, respond to queries, and provide updates to help ensure that compliance is properly maintained and problems, if any, are identified and resolved as early as possible.

Details of maintenance support service

Routine testing
  • We conduct all routine tests (vulnerability scan, penetration test, wireless scan) required by PCI DSS.
Routine gap analysis
  • We conduct interviews and document review to identify actions that need to be implemented periodically to maintain PCI DSS compliance.
  • ● Change control records ● Account management records ● Training implementation records ● Various system logs, etc.
Responding to queries
  • QSAs answer questions and queries concerning PCI DSS compliance via email or web conference.
Provision of information
  • We provide information on industry trends, such as updates to PCI DSS, revisions to related laws, and information on various international brands.

Related Information


We also handle training related to PCI DSS.

Related Links

* These products or services are only available in Japan.

PCI DSS Total Services