PCI Audit

The official PCI certification audit is a annually recurring process that addresses all the assessment needs of a payment card processor, merchant, or financial institution. As a Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV), we offer you the means by which to achieve compliance and certification. Our PCI Certification offering is available to all levels of merchants, gateway providers, and service providers (organizations that process, store, or transmit cardholder data on behalf of members, merchants, or other organizations) and includes:

• First Year Site Audit
• Report on Compliance (ROC) filing
• Annual Site Audit
• Quarterly Site Scan

The PCI Audit is a two phase operation consisting of assessment and reporting conducted by a Qualified Security Assessor (QSA). The duration of each phase is based on the size and complexity of the environment. The process includes semi-automated scanning, manual testing, staff interviews, and review of policies and procedures in place at each organization. Reporting is done in conjunction with the customer IT, compliance and security staff and generates a complete PCI Report on Compliance (ROC) document suitable for presentation to the PCI certification committee.

In addition, a complete set of credit card vendor-specific documents will be generated, including letters for Visa, MasterCard, American Express and Discover. You will receive copies of these documents and Security Innovation will keep them on file for re-use in subsequent engagements. Click for vendor-specific document filing requirements.

:: For information on building a sustainable PCI Program, please contact us at 978.694.1008 x24 or email

To help you prepare for your official PCI Audit, we also offer PCI Readiness solutions