HSM Estate Audit and Health Check

Estate Integrity validation for HSM Service Providers.

ID-3 has proven experience in Key Block migrations and can support services surrounding the current and target standards enabling a clear strategy to be developed.

HSM Estate Audit

Within your organisation the Payments HSMs provide a significant service as part of the critical infrastructure.

Knowing that your HSMs have been deployed in a secure manner and that they are configured in-line with the requirements of your business is a highly important function. HSMs enable the business to meet its regulatory obligations to deliver the expected service to your business.

ID-3 Consulting Services can deliver a Payments HSM Estate Audit to give you the necessary assurance that your HSM estate is providing a healthy and low risk service considering the key compliance requirements relevant to your organisation.


The ID-3 HSM Estate Audit covers the following areas of your deployment:

  • Policy and procedural framework
  • Hardware and Physical and Master Key status
  • HSM installation, configuration, and deployment
  • Operational Deployment
  • Backup and Recovery
  • HSM Attack Surface Review
  • Tamper Condition
  • PCI HSM Status
  • HSM (PCI PTS PIN) Key Support Block Status
  • Audit and logging Security controls

The HSM Healthcheck Process

The HSM Health Check is undertaken in two phases.


System Reconnaissance – Onsite evaluation of HSM estate, focussing on the relevant aspects to be reported upon. It may be necessary to carry out short interviews with the relevant custodians and stakeholders to gather the right reporting data.


Investigation and Report – After a full analysis of the data collected during Phase 1 reporting will take place. The report is intended to enable:- – High level review of the findings – Relevant rational behind existing configuration along with necessary recommendations on issues which may need further guidance. The report is intended to enable offline discussion with relevant stakeholders in your business.

The report is intended to enable offline discussion with relevant stakeholders in your business.

ID-3 the Partner of Choice

ID-3 goes further than just the technical considerations of your setup.

The ID-3 Estate Audit also covers the policy and controls in place to satisfy your compliance and good practice needs. Whilst many organisations require similar controls to support their policy the daily processes used to deliver the right governance are not always considered pre or post production deployment.

ID-3 consultants are industry experts in the deployment and the operation of HSMs from small to large deployments and have the tools and the experience to provide advice and assurance your business requires.