PCI Audit and Compliance Reporting
The fundamentals for merchants to be compliant.
What is PCI Audit and Compliance Reporting?
PCI Audit and Compliance Reporting aids businesses with the completion of required reports: Self-Assessment Questionnaires (SAQs) or full Qualified Security Assessor (QSA) Reports on Compliance (ROCs).
On completion of the report, PGI’s consultant will also produce an Attestation of Compliance (AOC) to be signed by both the QSA conducting the audit work and an Executive Officer of your organisation.
It is important to note that a ROC may be a mandatory requirement for some businesses. The PCI Security Standards Council requires Level 1 merchants (those processing more than 6 million transactions) to present a ROC for certification. A ROC can only be completed by an approved assessor, such as PGI, and cannot be done through a self-assessment by the company.
Benefits of PCI Audit and Compliance Reporting
About PCI DSS
PCI Audit and Compliance Reporting must be completed on standard issued forms from the PCI Security Standards Council. This ensures businesses have complete peace of mind that the methodology used to determine compliance—and the aspects of the cardholder data environment (CDE) that are examined—are consistently in line with the requirements set out by the standard.
Our consultants provide you with a detailed overview of your own CDE, highlighting the requirements that are compliant, not applicable, or not tested. Ideally, the reports provide evidence to all stakeholders that your organisation is compliant with the standard.
Small and medium merchants that do not reach ROC transaction levels may be eligible to complete reduced SAQ versions. This can significantly reduce your compliance overheads.
The PCI Audit and Compliance Reporting service:
Fulfils the critical objective of showing that your organisation is compliant
Provides peace of mind
Completes mandatory reports in a correct, error-free format by knowledgeable PCI DSS professionals
Makes use of appropriate SAQs to reduce ongoing compliance requirements
May include, where applicable, analysis of and completion of Compensating
Provides authorised, independent verification of compliance
Is PCI Audit and Compliance Reporting right for you?
For Level 1 Visa merchants, PCI Audit and Compliance Reporting is a necessary requirement for PCI DSS certification. However, it can also be beneficial for any organisation handling payment data.
Consider PCI Audit and Compliance Reporting if:
You have suffered a data breach in the past
You handle large volumes of non-Visa transactions
You are keen to demonstrate a strong commitment to payment data security
You are preparing for
Why choose PGI?
At PGI, we’re proud to be among a select group of assessors recognised and acknowledged by the PCI Security Standards Council (SSC) for expertise, experience, and professionalism in the field of payment data security.
As approved Qualified Security Assessors (QSAs), we assess compliance with the latest standard (currently PCI DSS 3.2.1), helping you to minimise the reputational and financial risks associated with non-compliance, and ensure you’re demonstrating an ongoing commitment to security.