PCI-DSS Compliance Certifications | IT Assurance

ADVANTAGES

Why Choose Us for PCI Compliance Certification

As one of the leading groups of Qualified Security Assessors (QSA) certified by the PCI Council, AWA – a division of I.S. Partners, LLC – is dedicated to information security testing focused on our clients’ compliance needs.

We leverage in-depth knowledge of existing audits from decades of experience in order to streamline the process and deliver outcomes that support broader corporate security and risk management goals. Our goal is to make PCI compliance an anxiety-free process for you and your team.

PROCESS

Our Approach to PCI Compliance Certification

Companies love working with AWA and I.S. Partners because of our compliance-focused security services. Our team gets to know your organization and its needs in order to make both security efforts and compliance engagements, optimizing your time and investment.

PCI Compliance Testing
Security Framework Assessments – ISO 27001, NIST, SANS Top 20 Critical Security Controls
IT Security Risk Assessments
Security Architecture Analysis
Security Program Development
Vulnerability Testing
Virtual CISO / CISO Advisory Services

AUTOMATION

Free PCI Audit Software for Our Clients

Fieldguide automated PCI audit software is free to use for all I.S. Partners clients. Start working with us and getting faster, less expensive compliance engagements.

More Info

WHAT’S INCLUDED

PCI Compliance Audit Services

Scoping

Our QSAs will help determine your PCI compliance scope and compliance requirements, including reporting requirements such as a Self-Assessment Questionnaire or a Report on Compliance, and Penetration testing and/or Approved Scanning Vendor or ASV Scans.

Testing

Our PCI compliance analysts will conduct interviews, control walkthroughs, and review documentation and control artifacts to assess compliance to PCI DSS requirements. With PCI-compliant penetration testing, they are able to spot vulnerabilities in applications and systems. We also perform internal and external scanning with an ASV scanner in fulfillment of requirement 11.

Gap Assessment

Our QSAs will assess your organization’s security measures and identify gaps in compliance with the PCI DSS Requirements and report the gaps to management.

Remediation Advisory

Our QSAs will provide guidance on remediating gaps in compliance with the PCI DSS standard and can also provide remediation assistance as desired.

Compliance Reporting

Our QSAs will complete the Report on Compliance, the Attestation of Compliance, as required. We deliver independent validation of PCI DSS compliance and a ROC that can be submitted to an acquirer or one of the card associations (VISA, MasterCard, American Express, Discover, JCB).

PCI Self-Assessment Questionnaire (SAQ)

If only an SAQ is required, we can provide assistance in selecting the appropriate SAQ and advise on completion as needed.

GET STARTED

Take the Anxiety out of PCI Compliance Audits

If your company needs PCI compliance attestation, simplify the process by choosing with I.S. Partners, a trusted provider of audit services. Fill out our online form for more information or to request a quote for PCI compliance services tailored to your organization’s needs.

Get a Quote Book a Free Consultation

COMPLIANCE UPDATE

PCI DSS 4.0 – Are You Ready?

The deadline to update security measures and assure compliance with the new version is approaching fast. Start the Transition Today!

Significant discounts are available for current clients.

FAQs

Common Questions

What is PCI DSS?

Major credit card companies such as MasterCard, Visa, Discovery, American Express, and JCB International created the Payment Card Industry Security Standards Council (PCI SSC) to help companies globally with their security systems when transmitting, receiving, using and storing cardholder information. Get the full answer here.

To whom does PCI apply?

PCI applies to ANY organization, service provider or merchant, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data. Said another way, if any customer of that organization ever pays the merchant directly using a credit card or debit card, then the PCI DSS requirements apply.

What does the PCI DSS require?

The PCI DSS requires internal and external network penetration testing, as well as application-layer penetration testing, to find exploitable vulnerabilities. At a high level, PCI DSS requires that you, build and maintain a secure network and systems,
protect cardholder data, maintain a vulnerability management program, implement strong access control measures, regularly monitor and test networks, and maintain an information security policy.
PCI DSS requirements vary depending upon the organization’s transaction volume and the configuration of the PCI Environment. PCI may require the organization to complete an onsite assessment (Report on Compliance or ROC) by a Qualified Security Assessor (QSA) or may allow the organization to self-assess using a self-assessment questionnaire (SAQ). The organization may be required to conduct other security assessments in support of PCI Compliance such as External Penetration Testing, Internal Penetration Testing, and scanning performed by an approved scanning vendor (ASV).

Are there different compliance levels for PCI DSS?

Yes. Compliance levels for PCI DSS are based on the volume of credit card payment transactions that are made within a 12-month period. There are 4 merchant compliance levels defined by the Visa credit card brand. Find out what the 4 levels of PCI DSS compliance are here.

What is the ‘Prioritized Approach’ in PCI DSS?

The Prioritized Approach provides a roadmap of compliance activities based on risk associated with storing, processing, and/or transmitting cardholder data. The roadmap helps to prioritize efforts to achieve compliance, establish milestones, lower the risk of cardholder data breaches sooner in the compliance process, and helps acquirers objectively measure compliance activities and risk reduction by merchants, service providers and others.
Read more about this approach here.

Is PCI DSS compliance voluntary?

No. Any business that engages in credit card transactions must follow PCI DSS requirements to safeguard cardholder information. And organizations that are found to not comply with PCI standards can be fined from $5,000 up to $100,000 per month for infractions.
No single vendor or product will cover all 12 PCI DSS requirements or meet several minimal standards. Instead, you should create a comprehensive security strategy that reaches PCI compliance and then use products and vendors that further complement your network system security to provide enhanced protection.
If you decide to outsource your credit card transactions, you will still need to meet PCI DSS compliance when transmitting cardholder data to the outsourced company. You also need to ensure that the outsourcing company you use meets PCI DSS compliance.

What is the process for PCI compliance certification?

To get PCI compliance certification, follow these steps:
1. Assess your current environment.
2. Remediate any security gaps.
3. Complete a Self-Assessment Questionnaire (SAQ).
4. Have vulnerability scanning or penetration testing done by an Approved Scanning Vendor (ASV) or a Qualified Security Assessor (QSA).
5. Submit a Report on Compliance (ROC).
6. Obtain an Attestation of Compliance (AOC) which attests to PCI compliance.

Who can perform a PCI DSS compliance audit?

A PCI DSS compliance audit can be performed by a Qualified Security Assessor (QSA) or an Approved Scanning Vendor (ASV) for vulnerability scanning, like the professionals at I.S. Partners and AWA. QSAs and ASVs are professional organizations that have been certified and authorized by the PCI SSC to assess an organization’s compliance with the PCI DSS requirements. QSAs possess the necessary training, expertise, and experience to audit organizations that process, store, or transmit cardholder data and ensure they adhere to the PCI DSS requirements.
A Self-Assessment Questionnaire (SAQ) can be completed for smaller merchants and service providers instead of a full audit, provided they meet specific eligibility criteria. However, even in those cases, engaging a QSA can be beneficial for guidance and support.

PCI Compliance Services

Achieve Seamless PCI-DSS Compliance

Get a Quote