PCI Assessment Services

Our PCI Assessment Services provide a structured approach to your compliance needs. Assessment engagements follow a standardized methodology and result in a formal assessment that reports on your organization’s compliance status per PCI DSS requirements. Assessment services include: 

• PCI Gap Assessment: Our QSAs evaluate your organization’s preparedness against the PCI DSS to help you understand your current PCI compliance status. Included in this assessment is a recommended strategy to address any compliance gaps.
• PCI Remediation Development and Implementation: For organizations that have completed a Gap Assessment, our experts will help create a high level, prioritized approach and roadmap to remediate identified gaps and can provide the expertise to execute your remediation plan.
• PCI Annual Assessment: Our team will conduct the annual assessment required by the PCI Security Standards Council. This service includes validating your organization’s PCI compliance scope, completing the required testing procedures, and completing the Merchant or Service Provider Report on Compliance (ROC) or Self-Assessment Questionnaire (SAQ), as well as the accompanying Attestation of Compliance (AOC).
• PCI DSS 4.0 Delta Assessment – Gain an understanding of what you need to do to be ready for version 4.0.  Our QSAs will review your in-scope environment against the new and updated requirements in 4.0, as well as advise on the new Customized Approach, so that you can make the necessary adjustments, align with the changes, and strengthen your cardholder data protection.

PCI DSS Advisory Services

If you have a specific PCI compliance-related question or issue, our highly-customizable Advisory Services are designed for our PCI QSAs to become an on-demand extension of your team. We will work with you in whatever capacity is needed to ensure your compliance-related challenges are addressed. We can help you by: 

• Identifying client cardholder data payment channels 
• Determining the existing scope of your PCI environment
• Providing informal training for employees with PCI responsibilities
• Identifying necessary controls to support PCI and reviewing internal testing strategies
• Providing guidance regarding solutions supporting PCI compliance 
• Offering general PCI consultation and coaching

Getting ready for version 4.0?  We can help with all the scoping and other activities that the updated standard now requires of merchants and service providers.  Our PCI 4.0 Readiness Services add a QSA to your team to lead the charge in executing required scope confirmation and other activities and developing the required documentation to show you are fully aligned with the updated standard.

Additional Services to Support Your PCI Compliance Efforts

We provide other professional services and procurement capabilities that can help support your organization’s PCI compliance efforts, including:

• Internal and external penetration testing
• Internal and external vulnerability scanning
• Application security testing and qualified third-party security code reviews
• Managed security services
• Policy and procedure development
• Risk assessment
• Vendor management