PCI DSS Level 1 QSA Assessment

Custom Solutions to Fit Your Security, Compliance and Business Goals

Our QSA assessment process is designed to be thorough, relatively painless and valuable to you as a business. We begin with a kick-off call to ensure your team understands the process and to request the information that we’ll need.

Then, we’ll schedule an onsite assessment, followed by requests for further documentation as needed. If no major changes or further onsite visits are required, we’ll draft, finalize and file your Report on Compliance (ROC).

Truvantis is certified by the PCI Security Standards Council as a Qualified Security Assessor (QSA). We have decades of experience helping clients move efficiently through the PCI DSS Compliance process.

How to Prepare for a Smooth QSA Assessment

Take steps to minimize the scope of your cardholder data security before your assessment. Being proactive and aware will help you avoid delays and surprises.

Examine how your organization handles Sensitive Authentication Data (SAD)
In particular, make sure that you never store it. SAD includes the contents of chips or magnetic stripes, PINs, PIN blocks, and card verification codes.
Investigate Your Point of Sale (POS) Vendor
Ask your POS vendor essential questions about the security of your POS. Examples:
- How are login credentials maintained?
- Have all unsecured or unnecessary applications been removed?
- What controls are in place to prevent unauthorized access to the POS?
- Does the POS store SAD?
Unless You Absolutely Have To, Do Not Store Cardholder Data
Eliminate the storage of cardholder data you don't need.
Consolidate and Isolate Cardholder Data
Partition your system so that all sensitive data is contained to a secured portion of your system.
Check your Controls
Understand what PCI DSS requires and implement it in advance of the QSA inspection. We'll help you get the rest of the way.
Implement Training and Awareness Campaigns Throughout the Organization
Foster a culture of awareness and promote ethical handling of sensitive data throughout your organization.

Understanding the QSA Assessment Process

A PCI DSS QSA Assessment (or Level 1 Assessment) is an on-site inspection and assessment of an organization’s cardholder data environment (CDE) for compliance with PCI DSS. It concludes with the official documentation of proof, or the Report on Compliance (ROC), that the QSA will prepare at the end of the assessment.

The goal of PCI DSS certification is to perform an annual checkup on the care with which an organization handles its payment cardholder data. With the right partner, a QSA assessment is also a valuable opportunity to understand how well your organization protects your customers' most sensitive data.

Truvantis QSA Assessments include:

A professional assessment of your security procedures in the context of your goals and currently-used technologies.
A complete snapshot of your cardholder data environment (CDE) for a bird's-eye view of your risk profile.
An accurate picture of how your procedures compare to the PCI DSS security standards.
Custom solutions and recommendations to close any gaps between your practices and the standards.
Evidence to verify the implementation and effectiveness of controls.
A complete ROC that your business partners will accept the first time.

Featured Security Services and Solutions

There’s no one-size-fits-all solution to modern security. Instead, our services provide the foundation for the industry’s best practices and security your business can count on when it matters.

info@truvantis.com

+1 (415) 422-9844

info@truvantis.com

+1 (415) 422-9844

PCI DSS Level 1 QSA Assessment

Custom Solutions to Fit Your Security, Compliance and Business Goals

How to Prepare for a Smooth QSA Assessment

Understanding the QSA Assessment Process

Truvantis QSA Assessments include:

Featured Security Services and Solutions

Penetration Testing

PCI DSS v4.0.1

Data Privacy

vCISO