Securing Success: Achieving PCI DSS Certifications for a Major Portuguese Financial Institution and Merchants

A large Portuguese financial institution faced challenges in obtaining specific certifications, including the PCI DSS certification for a major bank in Portugal and the PCI DSS certification for more than 30 merchants. Given the size and complexity of the organization, these challenges were addressed through a combination of GRC and RTS activities. The GRC activities included Scope and Gap Analysis and a Remediation Plan; the RTS activities included Penetration Tests, External and Internal Scans, an ASV Scan, a Wi-Fi Test, and a Segmentation Test.

After ensuring compliance with regulatory requirements and evaluating cyber defenses, the institution succeeded in obtaining the first PCI DSS certification for the major bank in Portugal. This achievement involved delivering a Report on Compliance (RoC) and Attestation of Compliance (AoC). Additionally, the organization obtained PCI DSS certification for more than 30 merchants. The process also revealed RTS opportunities related to testing and scanning (cross-selling) and initiated a long-term project, enhancing the company's reputation in the market.