Wonder Twins, Activate!
We save you time and money by auditing P2PE and PIN together.
It’s no secret that entire sections of both P2PE and PIN are based directly on the same ANSI, PCI and NIST standards (X9.24-1, X9.24-2, TR-31, TR-34, PCI PTS, FIPS 140-2). The common sources are so obvious that for years both standards had the same typos! With the new versions, PIN v3.0 (which went into effect October 2019) and P2PE v3.0 (published in December 2019), the requirement language, testing procedures, sunset dates, and controls have all been aligned for all common controls.
ControlScan knows that many entities responsible for P2PE must also obtain PIN audits. This is common for key injection facilities (KIFs), certification and registration authorities (CAs/RAs), large merchants and processors. For that reason, we deliberately built our QSA (P2PE) and QPA practices on the same methodology, consolidated action items (where possible), and common evidence collection platform to deliver a streamlined consolidated audit process.
Engage ControlScan for a consolidated P2PE and PIN audit, and you will work with a senior-level consultant who is certified to both standards, giving you a single point-of-contact, a single audit timeline to expedite your compliance assessment process, and pricing that reflects this more efficient approach.
P2PE & PIN Consolidated Assessment
A senior-level, dual-certified Qualified Security Assessor for P2PE, or QSA(P2PE), and Qualified PIN Assessor (QPA) will conduct an onsite review of all in-scope systems and processes for both PIN and P2PE. After limited remediation, two full reports are drafted: the P-ROV/P-AOV and the PIN ROC/AOC. Allow 30-45 days for review and acceptance of P2PE reports by PCI Assessor Quality Management.