From PCI Readiness to Your Final Report, Our Experienced Team is Here for You at Every Step.
As a PCI Qualified Security Assessor Company (QSAC), we can help provide the guidance and assistance your organization needs to achieve PCI compliance.
Whether you’re looking for help with a SAQ (Self-Assessment Questionnaire) or a ROC (Report on Compliance), Auditwerx can partner with you to meet your compliance needs in a cost-effective manner – saving you time and money, so you can get back to growing your business.
For organizations new to PCI or trying to navigate new business processes as they relate to PCI, a readiness assessment/gap engagement will provide the needed guidance to ensure compliance prior to an assessment.
The readiness process identifies any gaps in PCI compliance and allows you to address those gaps before going through your assessment. This can make the ultimate assessment process more efficient, saving time and cost and avoiding unanticipated gaps or expansion of scope.
A gauge of your current environment, policies, procedures, and controls against the requirements of the PCI DSS will be performed along with defined scoping guidance.
“… Auditors were extremely courteous and patient with a great sense of urgency when it was needed the most. We would highly recommend Auditwerx services to organizations of all sizes and requirement complexities.”
When new business or PCI initiatives arise, large or small, you need someone capable of looking at all facets of the project from a PCI perspective to determine the potential impact. Auditwerx can provide guidance on architecture changes, scoping definition, technology implementations, scope reduction, compliance cost reduction, new payment channels, and other areas. Every project is specifically tailored to your needs to ensure you receive the most value.
There are a variety of SAQs available and determining which apply in your situation may be challenging. Auditwerx professionals are here to assist you with identifying the appropriate SAQ associated with each payment channel and evaluating if you comply with the applicable requirements. We are your partner in this process and our goal is to assist your team in understanding and being able to accurately answer each question as you fill out the SAQ.
Auditwerx will serve as your qualified security assessor (QSA), perform a detailed assessment, and provide a PCI Report on Compliance (ROC) and a PCI Attestation of Compliance (AOC). Auditwerx is not a checkbox, once-a-year assessor. Auditwerx is looking to establish long-term partnerships with continued interaction throughout the year to ensure you are kept apprised of new developments so that there are few if any surprises during the assessment. Our goal is to reduce the risk and liability to both organizations and to create efficiencies. This allows information security to be the primary focus, while making compliance a byproduct.
There is a lot of information about PCI DSS compliance floating around on the internet. New software tools are popping up every day claiming to save you time and money when it comes to your security compliance audit. The fact of the matter is that no questionnaire or checklist can completely replace the personalized attention and detail of an experienced auditor. Our detailed FAQ will help break down the myths so that you can feel confident in your PCI audit.
The Payment Card Industry Data Security Standard (PCI DSS) is the standard information security protocol used by organizations that process payment card information as it relates to the major credit card brands.
PCI DSS compliance examinations must be performed by a PCI Qualified Security Assessor Company (QSAC) like Auditwerx. Whether you’re looking for help with a SAQ (Self-Assessment Questionnaire) or a ROC (Report on Compliance), Auditwerx can partner with you to meet your compliance needs in a cost-effective manner – saving you time and money, so you can get back to growing your business.
When it comes to compliance certification, service organizations can often find it difficult to balance customer requirements and ROI.
Our goal is to deliver the efficient compliance assessments you need, at a price that makes sense for your business. Once we have discussed your needs and current environment, there are several factors that impact our cost estimate:
A PCI Readiness Assessment is your best preparation for a PCI audit. Typically, we can complete your PCI Readiness Assessment within two weeks. This process identifies any gaps in PCI compliance and allows you to address those gaps before going through your assessment. This can make the ultimate assessment process more efficient, saving time and cost and avoiding unanticipated gaps or expansion of scope.
When it comes to your PCI DSS compliance report, there are 4 main steps that are part of the auditing process.
Step 1: Planning & Readiness
Communication is essential in completing a PCI audit and it starts in the planning process. Our planning begins with a kickoff call. The kickoff call is used to make introductions and identify key players and points of contact. We also begin the process of understanding the services on which we will be providing an opinion. Where a readiness assessment has been requested, we establish the dates for the readiness work (for first-time PCI assessments) and/or fieldwork (for recurring clients). In readiness, we assess the data flow of the services, identify controls, and provide a gap analysis of controls that may need implementation or improvement. The planning and readiness process is critical to creating open communication designed to obtain maximum efficiencies that will be realized in the PCI reporting process.
Step 2: Preparation
Once the audit plan is established, we create the request list of support items needed in our secure online dashboard, in preparation for the testing phase and in coordination with you. Between the time of the audit plan establishment and the testing, your team starts compiling your supporting documentation and uploading it to the secure online portal. Remember, we are there to help, so we invite open communication if you have any questions. This preparation is essential to an efficient and effective audit experience.
Step 3: Testing
Testing and gathering evidence is the core part of any compliance engagement. Based on the information gathered during the Planning & Preparation stages, evidence will be gathered to meet the objectives discussed. We believe that timely communication is key to this process and to building trust with you, our client.
Step 4: Reporting
After the testing and internal reviews are completed, a draft report is issued for management’s review. Any changes by management are processed and the final report is issued.
Auditwerx is proud to offer a number of PCI compliance solutions to meet your needs and business goals:
Auditwerx has extensive experience with service providers and Service Organization Control (SOC) audits, so conducting PCI assessments is a natural extension of our services.
Service providers are unique in that, while they may not deal directly with cardholder data, the way they deliver their services could influence the security of their customers’ processing, storing, or transmitting of cardholder data, and therefore the service provider is required to be PCI compliant.
Many service providers do not realize the need to be PCI compliant until customers clamor for it because it is required for their own PCI compliance efforts.
Every organization is unique. Auditwerx provides a tailored approach to every assessment based on your needs. We think outside the traditional black and white landscape of the security standard to help you assess and design controls within the constraints of your environment to meet the intent of the PCI DSS.
Auditwerx is a boutique consulting firm that understands the challenges of working with large QSA companies and was designed to provide the attention and expertise that companies should expect.
Auditwerx is not just a vendor, but a trusted advisor and long-term partner. We are your “go-to resource” as questions and issues arise, not just during the assessment.
Auditwerx brings over a decade of PCI experience and has performed hundreds of assessments across organizations of all sizes, from small businesses to service organizations and Fortune 10 merchants.
Auditwerx understands the challenges of resources, compliance deadlines, and evidence gathering and will work with your team to ensure our approach meets your expectations.
Auditwerx can help build a foundation for your compliance initiatives and transform your compliance fatigue with integrated solutions for PCI, SOC, HIPAA, and HITRUST.
While there’s no official questionnaire or checklist that will complete the compliance process for you, our PCI Guide will help your organization start off on the right track.
When you’re ready to start your PCI compliance journey, our experienced team will be here to walk you through the entire process, from audit readiness to your final report.