Products & Services

Security Assessment Services

ControlScan’s Security Assessment Services provide on-site and remote assistance for businesses with complex card processing environments, businesses who desire a more in depth comprehensive evaluation against the PCI DSS and businesses who require a level 1 PCI audit.

ControlScan’s team of Qualified Security Assessors (QSA) and security consultants is available to assist you in reviewing and understanding the PCI DSS as it applies to your business environment. Through the following security assessment services, ControlScan will conduct a thorough review of your cardholder data environment(s), network and systems to clearly identify the steps needed for your business to achieve full PCI compliance:

PCI Compliance Roadmap Service

A ControlScan Qualified Security Assessor (QSA) will meet with you to review and discuss PCI as it applies to your business and answer any questions you may have about the compliance process. After the consultation is complete, ControlScan will provide you with a roadmap along with checkpoints that map out the required steps for your organization to achieve PCI compliance. To request more information about this service, please click here.

Cardholder Data Environment Scoping Service

Cardholder data environment (CDE) is the network environment that possesses or transmits credit card data for each transaction. Cardholder data environments that are minimized in scope make it easier for businesses to achieve and maintain PCI compliance, reduce the impact and costs of compliance, and are likely to provide a higher level of security for consumer payment card information.

ControlScan’s Cardholder Data Environment Scoping Assessment service is conducted by a QSA-qualified consultant and provides you with an analysis of your current card data environment and recommendations for reducing its scope. To request more information about this service, please click here.

Self-Assessment Questionnaire (SAQ) Advisory Service

The Self-Assessment Questionnaire (SAQ) is a validation tool designed to assist businesses in self-evaluating compliance with the PCI DSS. If your business qualifies for SAQ C or D, ControlScan’s PCI DSS Advisory Service will provide you access to a QSA-qualified assessor to help answer detailed questions about these more complex SAQs – adding an additional measure of confidence that your business is providing well-qualified responses.

ControlScan’s SAQ Advisory service may also include:

  • Advice on how to remediate areas where you are unable to confirm compliance with a particular question
  • Identification of areas where you have difficulty complying and optional recommendations on how to address each

To request more information about this service, please click here.

PCI DSS Gap Analysis Service

The PCI DSS Gap Analysis service helps prepare you for a formal Report on Compliance (RoC), allowing you to see on a trial basis how your business and environment would be evaluated within a formal RoC framework. Think of it as a pre-test before a formal exam.

A RoC is an official report generated by a QSA for any entity that qualifies as a level 1 merchant or service provider. The RoC is the method of compliance validation for these types of merchants. If you are not sure what your merchant level is, please contact ControlScan.

The PCI DSS Gap Analysis is a helpful tool for merchants required to validate their compliance using SAQ D. SAQ D is a complex set of 288 IT and non-IT controls that maps directly (one to one) to the controls within the PCI DSS. A gap analysis will identify the cardholder data environment scope, identify missing controls within the cardholder data environment and provide detailed recommendations for scope reduction and gap remediation options.

To request more information about this service, please click here.

Qualified Security Assessor (QSA) Audit Service

The QSA Audit is a detailed review of an organization’s card data environment that results in a Report on Compliance (RoC). This type of compliance validation is typically reserved for larger merchants and service providers, but can be utilized by any organization wishing to formally validate PCI DSS compliance through the services of a Qualified Security Assessor.

To request more information about this service, please click here.

For more information about our Security Assessment Services, or to schedule a consultation, please call us at 800-771-8603 x 2 or click here to fill out a request form. A ControlScan representative will contact you within the next business day.

Contact Us

to learn more about our Security Assessment Services today.