Goal

What the client needed to achieve

Following a policy change from the Payment Card Industry Data Security Standard (PCI DSS), a large healthcare system was required to report PCI compliance as a single entity rather than through separate business units such as gift shops, pharmacies, and parking garages.

This shift significantly increased the scope and complexity of their compliance requirements. With only one employee managing the effort and a strict 18-month deadline, the healthcare system engaged Sendero to assess current practices, close compliance gaps, and ensure timely submission of their PCI reporting.

Results

The PCI compliance initiative delivered tangible results

  • 11 third-party payment applications reviewed and assessed for compliance
  • 22 entity managers interviewed to document current practices and identify vulnerabilities

Delivery

How Sendero delivered

Sendero partnered with the healthcare system’s PCI lead to conduct a thorough current-state assessment, identify key gaps, and coordinate remediation efforts across departments.

Highlights:
  • Interviewed 22 managers overseeing payment systems across multiple business units
  • Evaluated 11 third-party payment applications for compliance alignment
  • Established a centralized inventory tracking system to monitor hundreds of devices and ensure ongoing accuracy
  • Resolved vulnerabilities discovered during penetration testing, including weaknesses in password security and system hardening
  • Eliminated high-risk practices, such as recording or writing down payment card data
  • Introduced mandatory annual PCI training and standardized policies for all new payment processes

Practice

Building a secure foundation for compliance

Through Sendero’s leadership and collaboration, the healthcare system met all PCI requirements ahead of schedule and established sustainable practices to maintain compliance. The organization now operates with stronger data security, consistent processes, and increased confidence in protecting customer payment information.