Compliance Standards

PCI SSLC firms help organizations achieve and maintain compliance with:

• Initial preparation, including scoping out implementation
• Strategic oversight and program advisory for overall governance
• Implementation or mapping assistance, including remediation
• Assessment and reporting on compliance for validation
• Ongoing maintenance and troubleshooting support

There are four critical factors that should guide your search for a PCI ASV:

• Understanding why you should seek guidance and work with an ASV
• Knowing where to look for an ASV—namely, the PCI ASV list
• Identifying what qualities make an ASV the right fit for you
• Considering other elements of compliance and governance

There are four pillars to successful and efficient preparation for PCI SSF compliance:

• Understanding the scope of the SSF, including both component frameworks
• Meeting the requirements of the Secure Software Standard
• Implementing the Secure Software Lifecycle framework
• Conducting an assessment for validation with a PCI-listed assessor

Finding the right Secure SLC Assessor comes down to looking for four critical factors:

• Assessors must be qualified by the PCI SSC to validate your compliance
• Assessors should provide comprehensive knowledge & preparatory assistance
• Assessors should present other frameworks and regulations required for compliance
• Assessors must be flexible and accommodate your current IT deployment

If your organization was subject to PA-DSS compliance in years past, you may need to achieve PCI Secure SLC certification as soon as possible. The most efficient path begins with scoping before in-depth implementation and assessment—all of which an advisor can optimize further.

If your organization is seeking PCI certification, you’ll need to conduct PCI compliance scans using a PCI ASV. Officially certified scanning vendors are required for one specific part of the DSS, but advisor organizations offering ASV tools can optimize all elements of implementation.