PCI DSS Certification


PCI DSS Compliance and Certification Services

ControlCase offers the following standardized methodology of PCI certification for all its clients in year 1. The methodology consists of the following steps:

Gap Analysis (Steps 1 to 3):

ControlCase will perform a gap analysis and the required testing in order to inform the client of the controls that need remediation to achieve PCI compliance. The assessment will include a review of the cardholder production network (including vulnerability and penetration testing) and supporting technical documentation. The assessment process may include interviews with company personnel to determine which PCI requirements are in place and where remediation is required.

The first phase of the project will involve reviewing and validating the current cardholder network environment, policies and procedures against the PCI Data Security Standard (DSS). The methodology for validation will include:

  • Review of current cardholder environment technology and security features
  • Mapping touch points to the corporate network
  • Examining access points and network components for security shortcomings from a PCI perspective
  • Verification that current documented controls meet the specific PCI DSS requirements
  • Scans and penetration tests to validate that the client has attained an appropriate level of security


For this phase, ControlCase consultants will require the following documentation from the client:

  • Current network diagrams of the appropriate environments with respect to cardholder data
  • Firewall/router configuration details
  • Data retention and disposal procedures
  • Policy and Procedures for physical security
  • Encryption Key Management Policy
  • Incident Response Policy
  • Password Policy
  • Change Control Policy
  • Build/Patch Policy
  • Internal Security Testing Procedures

ControlCase will provide standard templates for the above-mentioned policies and procedures, if so desired by the client.

Remediation plan and support (Steps 4 & 5):

ControlCase will keep track of all remediation efforts and provide a monthly status report to the client on the remediation steps. During this time, the client is expected to implement PCI controls and to inform ControlCase continuously of all remediation measures.

Certification (Steps 6 to 9):

ControlCase will, as required for the project, deploy a PCI audit team of Qualified Security Assessors (QSAs) to carry out the on-site portion of the PCI DSS assessment. After completion of our internal quality assurance procedures, the client will be issued a Report on Compliance (ROC), and the appropriate certification documentation will be submitted to the various credit card brands. PCI DSS certification requirements depend on the level of the service provider, as determined by its acquirer or the payment brands, and are summarized below. Merchants and service providers should contact their acquirer or the payment brands to identify their specific validation and reporting requirements.

Merchants           | Level 1                    | Level 2                    | Level 3 and Level 4
PCI Assessment Type | Annual Onsite Assessment   | Annual Self-Assessment     | Payment Brand or Acquirer Defines What is Required
Reporting           | ROC and Quarterly ASV Scan | SAQ and Quarterly ASV Scan | Payment Brand or Acquirer Defines What is Required

Service Providers   | Level 1                    | Level 2                    | Level 3 (American Express)
PCI Assessment Type | Annual Onsite Assessment   | Annual Self-Assessment     | Annual Self-Assessment
Reporting           | ROC and Quarterly ASV Scan | SAQ and Quarterly ASV Scan | SAQ and Quarterly ASV Scan
© ControlCase LLC 2023