When you choose a PCI Compliance Services provider, experience should be a heavily weighted variable in the decision-making process. Our experts know how to simplify reports for executives and then lay out all the technical findings for those who are interested in such details. This makes us an excellent choice for any organization looking to achieve PCI Compliance without overspending.
The PCI Data Security Standard (DSS) was built by the PCI Security Standards Council (PCI-SSC) and is enforced by the payment card brands, for example American Express, Discover Financial Services, JCB International, Visa Inc, and MasterCard Worldwide. The standard was designed to encourage and enhance cardholder data security and promote global adoption of consistent data security measures.
The PCI-DSS Standard is comprised of 12 broad requirements which organizations must meet to maintain compliance. The requirements for what must be submitted to confirm compliance vary depending on the merchant and card brand or issuer. PCI-DSS applies to all entities involved in payment card processing – including merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process, or transmit cardholder data.
Now we have grown in size, added new service offerings, and constantly stayed up to date with new compliance initiatives, but our commitment is the same… No matter the size, mandate, or hurdle, we provide every customer with care and a streamlined solution.
Our company was founded with a strong focus on compliance; as PCI QSAs, this was our comfort zone. Moving forward, we were confident that our 20+ years’ experience would help us provide services for our clients at an exceptionally high level. We have now been in business for over 10 years, serving customers across the globe with cybersecurity & compliance solutions. Over the years we have added to our service offerings and stayed up to date with new compliance initiatives, but our commitment to client satisfaction remains the same.
- Formerly a PCI DSS QSA – Qualified Security Assessor Company.
- Performed hundreds of PCI Audits for companies in multiple industries.
- We make the process simple by providing a superior level of customer support.
- We work hard to protect your sensitive data.
- Experts in Compliance – With the track record to prove it.
- Build communication highways to promote rapid success.
PCI Compliance requirements are detailed in the PCI SSC Quick Reference Guide. An individual company’s level of compliance with a requirement can vary depending on its stage of adoption of the standard. Companies can be planning for, implementing or maintaining the requirements based on how new the requirement is for their organization. However, to report PCI compliance, all 12 PCI-DSS requirements and security assessment procedures must be validated as “in-place”, as “in-place” via compensating control, or as a result of a requirement being “Not Applicable”.
Assuming that all PCI Compliance requirements have been met through a PCI-QSA, the following steps are required for reporting on PCI compliance:
- Complete the Report on Compliance (ROC) according to the “Instructions and Content for Report on Compliance”.
- Ensure passing vulnerability scan(s) have been completed by a PCI-SSC Approved Scanning Vendor (ASV), and obtain evidence of passing scan(s) from the ASV.
- Complete the Attestation of Compliance (AOC) for Service Providers or Merchants, as applicable, in its entirety. Attestations of Compliance are available on the PCI-SSC website (www.pcisecuritystandards.org).
- Submit the ROC, evidence of a passing scan, and the AOC, along with any other requested documentation, to the acquirer (for merchants) or to the payment brand or other requester (for service providers).
- In addition, contact each payment brand to determine any additional or required reporting information to ensure each payment brand acknowledges your compliance status.

Misinterpretation of the PCI-DSS and PCI compliance requirements can subject companies to large fines and revocation of payment card privileges. PCI-QSA certified companies can assist with PCI-QSA assessment and consulting services.
We can answer all of your PCI questions and concerns. Contact us and one of our consultants will be in contact with you shortly.