QSA On-Site Assessment – Who is this service for?
Merchants and Service Providers that are required by their Acquirer or Brand to complete an on-site assessment of their PCI DSS compliance.
What are the benefits?
IntaForensics will complete a staged assessment process, to ensure that the customer is fully prepared for their next annual visit. A review of documentation is carried out prior to attending the site, to reduce the overall business impact of the assessment process.
In addition to reviewing the current payment channels in use, recommendations are also made for any de-scoping changes that could simplify compliance requirements.
What Happens Next?
Initially a pre-assessment visit is recommended, to review:
- The current status of the customer network and data flows that will be assessed;
- Any impact of changes to the PCI DSS standard since the customer's last assessment. A review of changes to the Cardholder Data Environment (CDE) since the last assessment is completed, to ensure changes to the standard haven't created gaps that would need to be remediated.
Following the pre-assessment, the on-site assessment is completed through a combination of remote information gathering and on-site assessment activities.
IntaForensics work closely with their customers to keep all assessment activities as low impact as possible, so that business as usual receives minimal impact.
What will the process look like?
One of the QSA team will engage with the customer at an early stage to ensure that we have an accurate proposal tailored to individual requirements.
In order to minimise impact to a customer’s day-to-day activities, the assessment is broken up into stages and scheduled around staff availability and the locations that need to be visited.
Where possible, remote activities will be carried out to set the groundwork for the assessment of the payment channels. Documentation collection and initial review of the scoping of the environment can be completed prior to an on-site visit. This helps ensure there is no sudden change in scope later and costs are predictable throughout the assessment process.
Not Just a Once-A-Year Visit
Our on-site assessment service goes beyond an annual engagement and ensures that you are prepared throughout the year to maintain full compliance:
- IntaForensics provide a support service that allows you to ask questions if there are changes to your processing environment or payment channels;
- Regular scheduled reviews during the year to discuss any changes and also provide updates of relevant PCI and Security industry amendments that could impact your compliance.