Our Approach to PCI Security
As one of the few Qualified Security Assessor (QSA) firms certified by the PCI Council, AWA specializes in information security testing to better serve our clients’ unique needs. Our team draws on decades of experience to deliver comprehensive cybersecurity solutions tailored to your compliance needs.
Our certified security assessors help clients determine their PCI compliance scope and requirements. To assess compliance with PCI DSS requirements, they conduct interviews, perform control walkthroughs, and review documentation. They identify and report any gaps against PCI requirements and guide remediation at each step. Finally, our QSAs complete the Report on Compliance, Attestation of Compliance, or SAQ as required.
Benefits of PCI DSS Security Assessments
- Identify system and application weaknesses and vulnerabilities that can result in data breaches
- Avoid fines and potentially increased transaction costs due to unmet requirements
- Protect your reputation with reduced risk of data breaches
- Help your organization develop and meet a defined IT Security Compliance Program
- Gain an advantage over non-compliant competitors
AWA’s PCI Security Services
AWA delivers PCI security services using a project management approach that minimizes disruption and miscommunication, as well as the risk of schedule delays and budget overruns. We also coordinate multiple security assessments to reduce compliance costs and effort, while supporting broader corporate security and risk management goals.
- PCI Assessments & Compliance Scanning
- PCI Self-Assessment Questionnaire Guidance
- Security Program Development
- PCI Data Security Standard Remediation
- Security Framework Assessments – ISO 27001, NIST, FISMA, SANS Top 20 Critical Security Controls
- IT Security Risk Assessments
- Penetration & Vulnerability Testing
- Virtual CISO / CISO Advisory Services
- PCI Report on Compliance (ROC)
FAQs about PCI Security Services
Does PCI require pen testing?
Yes. Maintaining PCI compliance requires regular penetration testing and internal and external vulnerability scans, especially when obtaining a RoC (Report on Compliance) and for some SAQs (Self-Assessment Questionnaires). Compliance requires annual penetration testing; additional penetration testing is required whenever there are significant changes to the infrastructure, applications, security patches, and/or end-user policies.
What is a PCI vulnerability?
As defined by PCI DSS standards, a vulnerability is a technical flaw in a company’s network perimeter or IT infrastructure that cybercriminals could exploit to access data without authorization.
Who can perform PCI DSS external vulnerability scans?
These scans must be carried out at least every three months by an external scanning company recognized by the PCI Council as an Approved Scanning Vendor (ASV). Employees working internally for your company are not permitted to carry out these scans.
How do you assess PCI compliance?
To assess compliance, external assessors review documentation, conduct interviews of key personnel, test a sample of control systems, and analyze the organization’s configurations as they pertain to the security controls outlined in PCI DSS.
Do I need a PCI Self-Assessment?
Every company attempting to demonstrate compliance with PCI DSS must complete the relevant Self-Assessment Questionnaire, with the exception of companies that have already achieved a higher compliance level and are required to have a Report on Compliance prepared by a Qualified Security Assessor in an on-site audit. There are different types of SAQs, and it can be difficult to understand which one applies to your organization and its cardholder data environment. That’s why consultants are available to determine which SAQ is the best fit.