Thursday September 20, 2018
PCI Discussion Forum
Validation and Consulting

For a merchant seeking help in becoming PCI compliant, there are several different resources available, some of which are included on this site. Others include the use of qualified auditors or consultants. The PCI SSC has lists of companies that are qualified to check the PCI policies and procedures that a merchant already has in place. For proactive help in initiating and enacting PCI compliance, an outside consultant would be very helpful.

  • QSAs/ASVs- To validate a merchant's PCI compliance, there are two groups that work with and report to the PCI SSC. These groups of companies do not help a merchant in becoming PCI compliant, but rather validate the merchant's existing PCI policies and procedures.
    • Qualified Security Assessors- QSAs are companies that are certified by the PCI SSC to audit a merchant's PCI security systems. These audits fulfill the requirements of a Level 1 merchant's annual audit. A complete list of certified QSAs can be found here:
    • Approved Scanning Vendors- ASVs are companies that are certified by the PCI SSC to perform scans of a merchant's PCI security systems. These scans fulfill the requirements of Level 1, 2, 3, and 4 merchants to have their systems scanned quarterly. A complete list of certified ASVs can be found here:

  • Consulting Services- Oftentimes the best way to ensure that your company is 100% PCI compliant is to consult with outside PCI experts. Some of these services may include those offered by the big four consulting firms or, more specifically, managed hosting companies. Certain managed hosting companies, such as NeoSpire, can assist in taking a merchant through the PCI compliance process and ensure that they pass inspection by the QSAs and ASVs.