PCI 1-2-3 Self-Assessment

Your PCI compliance North Star.

Only the largest businesses must go through a formal PCI DSS QSA Assessment; the vast majority can self-attest to their PCI compliance. Working through the process can be complex, though. Like someone taking you by the hand and leading you through a dark forest, the ControlScan PCI 1-2-3 program will expertly guide your business through each of the PCI DSS requirements.

PCI DSS compliance is an ongoing process and can prove to be overwhelming for many small business owners. PCI 1-2-3 Self-Assessment from ControlScan helps cut through the complexity of achieving PCI DSS compliance and allows you to easily analyze and validate compliance. In addition, our team of experts is available to provide step-by-step assistance for any PCI questions you may have.

ControlScan PCI 1-2-3

PCI 1-2-3 is available online via a communication portal called SecureEdge.com. The portal provides you with anytime access to real-time PCI DSS compliance and security details and all the right tools to make it easy for you to analyze and validate PCI compliance.


SmartSAQ is an interactive, cloud-based application that features a contemporary user interface, intuitive question presentation and go-to support tools that save you time while boosting your SAQ success rate:

  • An intuitive, engaging user interface, with simplified SAQ questions that are presented in a logical order;
  • Easy-to-understand help text with pictures that clearly illustrate and explain key concepts;
  • The ability to complete all or any part of the SAQ and apply responses to affiliate businesses; and
  • A faster SAQ completion and revalidation process, saving time and eliminating frustration.

"As a small business, it is very reassuring that security professionals are doing what they promise to do."

Source: Owner, Small Business Professional Services Company


  • External vulnerability scans that check for cross-site scripting, SQL injection, remote file inclusion and many other application and network-based vulnerabilities
  • Scan reports that meet the Approved Scanning Vendor (ASV) Program Guide requirements
  • Vulnerabilities prioritized by severity
  • Detailed instructions for correcting identified problems



Policy Builder

  • A set of security policies that can be modified to reflect your business environment
  • Policy templates automatically generated based on the way you process payment cards, making it easy for you to comply with the PCI DSS information security policy requirements

Breach Protection Program

  • Offers peace of mind and provides valuable information on breach prevention strategies.
  • Reimburses any expenses that you are contractually obligated to pay as a result of a breach incident. These include mandatory forensic audit, credit card replacement costs, and related expenses, assessments and fines levied by card associations.
  • A data breach can be a system/network breach, the physical theft of credit card data from stolen receipts or stolen computers, skimming, or even employee theft.

Security Awareness Training

  • On-demand training, delivered in a non-technical, easy-to-consume manner
  • Formal online security awareness program for retailer employees
  • Choice of on-demand video or downloadable file formats
  • Certificates provided for completed training
  • Cost-saving alternative to third-party vendor programs
