PCI-DSS Compliance Certifications | IT Assurance

Why Choose Us for PCI Compliance Certification

As one of the leading groups of Qualified Security Assessors (QSA) certified by the PCI Council, AWA – a division of I.S. Partners, LLC – is dedicated to information security testing focused on our clients’ compliance needs.

We leverage in-depth knowledge of existing audits from decades of experience in order to streamline the process and deliver outcomes that support broader corporate security and risk management goals. Our goal is to make PCI compliance an anxiety-free process for you and your team.

PCI DSS 4.0 – Are You Ready?

The deadline to update security measures and assure compliance with the new version is approaching fast. Start the Transition Today!

Significant discounts are available for current clients.

Our Approach to PCI Compliance Certification

Companies love working with AWA and I.S. Partners because of our compliance-focused security services. Our team gets to know your organization and its needs in order to make both security efforts and compliance engagements, optimizing your time and investment.

PCI Compliance Testing
Security Framework Assessments – ISO 27001, NIST, SANS Top 20 Critical Security Controls
IT Security Risk Assessments
Security Architecture Analysis
Security Program Development
Vulnerability Testing
Virtual CISO / CISO Advisory Services

What’s Included in Your PCI Compliance Audit?

Scoping

Our QSAs will help determine your PCI compliance scope and compliance requirements, including reporting requirements such as a Self-Assessment Questionnaire or a Report on Compliance, and Penetration testing and/or Approved Scanning Vendor or ASV Scans.

Testing

Our PCI compliance analysts will conduct interviews, control walkthroughs, and review documentation and control artifacts to assess compliance to PCI DSS requirements. With PCI-compliant penetration testing, they are able to spot vulnerabilities in applications and systems. We also perform internal and external scanning with an ASV scanner in fulfillment of requirement 11.

Gap Assessment

Our QSAs will assess your organization’s security measures and identify gaps in compliance with the PCI DSS Requirements and report the gaps to management.

Remediation Advisory

Our QSAs will provide guidance on remediating gaps in compliance with the PCI DSS standard and can also provide remediation assistance as desired.

Compliance Reporting

Our QSAs will complete the Report on Compliance, the Attestation of Compliance, as required. We deliver independent validation of PCI DSS compliance and a ROC that can be submitted to an acquirer or one of the card associations (VISA, MasterCard, American Express, Discover, JCB).

PCI Self-Assessment Questionnaire (SAQ)

If only an SAQ is required, we can provide assistance in selecting the appropriate SAQ and advise on completion as needed.

Get a Quote Book a Free Consultation

FAQs

Common Questions

What is PCI DSS?

Major credit card companies such as MasterCard, Visa, Discovery, American Express, and JCB International created the Payment Card Industry Security Standards Council (PCI SSC) to help companies globally with their security systems when transmitting, receiving, using and storing cardholder information. Get the full answer here.

To whom does PCI apply?

PCI applies to ANY organization, service provider or merchant, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data. Said another way, if any customer of that organization ever pays the merchant directly using a credit card or debit card, then the PCI DSS requirements apply.

What does the PCI DSS require?

The PCI DSS requires internal and external network penetration testing, as well as application-layer penetration testing, to find exploitable vulnerabilities. At a high level, PCI DSS requires that you, build and maintain a secure network and systems,
protect cardholder data, maintain a vulnerability management program, implement strong access control measures, regularly monitor and test networks, and maintain an information security policy.
PCI DSS requirements vary depending upon the organization’s transaction volume and the configuration of the PCI Environment. PCI may require the organization to complete an onsite assessment (Report on Compliance or ROC) by a Qualified Security Assessor (QSA) or may allow the organization to self-assess using a self-assessment questionnaire (SAQ). The organization may be required to conduct other security assessments in support of PCI Compliance such as External Penetration Testing, Internal Penetration Testing, and scanning performed by an approved scanning vendor (ASV).

Are there different compliance levels for PCI DSS?

Yes. Compliance levels for PCI DSS are based on the volume of credit card payment transactions that are made within a 12-month period. There are 4 merchant compliance levels defined by the Visa credit card brand. Find out what the 4 levels of PCI DSS compliance are here.

What is the ‘Prioritized Approach’ in PCI DSS?

The Prioritized Approach provides a roadmap of compliance activities based on risk associated with storing, processing, and/or transmitting cardholder data. The roadmap helps to prioritize efforts to achieve compliance, establish milestones, lower the risk of cardholder data breaches sooner in the compliance process, and helps acquirers objectively measure compliance activities and risk reduction by merchants, service providers and others.
Read more about this approach here.

Is PCI DSS compliance voluntary?

No. Any business that engages in credit card transactions must follow PCI DSS requirements to safeguard cardholder information. And organizations that are found to not comply with PCI standards can be fined from $5,000 up to $100,000 per month for infractions.
No single vendor or product will cover all 12 PCI DSS requirements or meet several minimal standards. Instead, you should create a comprehensive security strategy that reaches PCI compliance and then use products and vendors that further complement your network system security to provide enhanced protection.
If you decide to outsource your credit card transactions, you will still need to meet PCI DSS compliance when transmitting cardholder data to the outsourced company. You also need to ensure that the outsourcing company you use meets PCI DSS compliance.

What is the process for PCI compliance certification?

To get PCI compliance certification, follow these steps:
1. Assess your current environment.
2. Remediate any security gaps.
3. Complete a Self-Assessment Questionnaire (SAQ).
4. Have vulnerability scanning or penetration testing done by an Approved Scanning Vendor (ASV) or a Qualified Security Assessor (QSA).
5. Submit a Report on Compliance (ROC).
6. Obtain an Attestation of Compliance (AOC) which attests to PCI compliance.

Who can perform a PCI DSS compliance audit?

A PCI DSS compliance audit can be performed by a Qualified Security Assessor (QSA) or an Approved Scanning Vendor (ASV) for vulnerability scanning, like the professionals at I.S. Partners and AWA. QSAs and ASVs are professional organizations that have been certified and authorized by the PCI SSC to assess an organization’s compliance with the PCI DSS requirements. QSAs possess the necessary training, expertise, and experience to audit organizations that process, store, or transmit cardholder data and ensure they adhere to the PCI DSS requirements.
A Self-Assessment Questionnaire (SAQ) can be completed for smaller merchants and service providers instead of a full audit, provided they meet specific eligibility criteria. However, even in those cases, engaging a QSA can be beneficial for guidance and support.

PCI Compliance Services

Achieve Seamless PCI-DSS Compliance

Get a Quote

Why Choose Us for PCI Compliance Certification

PCI DSS 4.0 – Are You Ready?

Our Approach to PCI Compliance Certification

What’s Included in Your PCI Compliance Audit?

Scoping

Testing

Gap Assessment

Remediation Advisory

Compliance Reporting

PCI Self-Assessment Questionnaire (SAQ)

Common Questions

Learn More About PCI-DSS Services

Changes to Expect with the Transition to PCI 4.0

PCI 4.0 Demands Automated Security Measures

What Non-Profits Need to Know About PCI Compliance

Get a Customized Quote

Great companies think alike.