PCI DSS Assessment and Auditing
And once you are ready for assessment, URM’s Team of PCI QSAs is able to offer you a range of PCI DSS audit services, including:
- QSA-led PCI Report on Compliance (ROC). When all PCI DSS control gaps have been identified, and remediation activities have been completed, a QSA audit is required in order to establish that a Level 1 merchant or service provider fully meets all of the control objectives of the PCI DSS. URM is able to deliver a full PCI audit led by experienced assessors. After testing your controls and reviewing documentation of your findings, URM’s Team of QSAs will develop a summary of findings, culminating in a ROC which verifies your organisation’s compliance. Our Team will also provide a completed Attestation of Compliance (AoC) form and allow for the required paperwork to be submitted to the party requesting compliance from your organisation.
- QSA Supported SAQs. This service involves URM’s PCI DSS QSA working with your organisation to deliver a full QSA-led SAQ against any currently valid version of the Standard and provide a completed AOC form for you to submit. It is widely acknowledged that an SAQ, countersigned by a QSA, greatly adds to the credibility of the self-assessment.
- Supporting SAQs. Here, URM’s QSA can support your organisation in conducting its own SAQ by offering advice and consultancy. This service differs from the ‘QSA supported SAQ’ service, described above, in that typically the QSA will not be involved in actively gathering and reviewing any evidence. The QSA will simply be advising you on the level of evidence you would need to obtain. As a result, they would not be in a position to sign off the SAQ.
- Pre-audit Readiness Assessment. URM’s QSAs are able to work with your organisation to conduct a readiness assessment of your in-scope environment against any currently valid version of the PCI DSS and identify any issues that would affect compliance being achieved. This provides you with the opportunity to remediate any issues before the formal evidence stage and provides staff with the experience of undertaking a PCI DSS assessment.
Why URM?
Track record and experience
URM has a team of expert consultants across multiple security disciplines who are all highly experienced in assisting organisations in gaining PCI DSS compliance. Our consultants have worked with hundreds of different companies across a wide range of industries, including local government, entertainment, retail, hospitality, IT services, charities, and many more. They also have experience of working with companies of various sizes ranging from self-employed individuals to multi-national corporations. So, whatever your PCI DSS needs are, URM will be able to provide a QSA who understands your organisation and can offer the best advice and guidance to help you achieve compliance.
Pragmatic Approach
All of URM’s QSAs pride themselves on their pragmatic approach to both compliance and assessments and will work with you to find the most appropriate and sensible way for you to meet the requirements of the PCI DSS.