The 11 requirements of PCI-DSS specifies the obligation for a third party that is ASV certified to assist in quarterly scans. A2SECURE offers complete services of compliance with this activity, and the acquiring banks require a quarterly validation.
Through a partnership agreement with Qualys Guard, one of the most active and reputable ASVs, A2SECURE provides the scans service completely certified.
These projects consist of 4 phases, described as follows:
“We evaluated other partners who could support us in improving our security and we have finally chosen A2SECURE, because it combines the best solution with a very personal and direct support.”
Atrapalo IT Director
Taking into consideration the quarterly planning of ASV reports delivery to the client’s bank, a perimeter test is planned beforehand. The results of these tests performed by QualysPCI generate reports that are interpreted by A2 consultants. These consultants study the results in order to eliminate possible recurring false positives. Subsequently, a technical report where the client is encouraged to eliminate vulnerabilities is delivered.
The client is responsible for implementing the recommended changes in order to adapt to PCI requirements. However, at all times the client will be supported by A2SECURE team to address any doubts that may arise. It is important to note that it will be possible to repeat as many tests as are needed in order to verify the proper elimination of vulnerabilities, all of them programmed by A2 technicians.
Once the vulnerabilities of PCI non-compliance have been rectified, the A2 team will perform a final test and a final verification of results to generate a results report which is PCI certified. This report will be provided to the client to be delivered to the client’s bank.
As a QSA company and through our experience, we can help you to adapt PCI-DSS as much as possible to your business processes, not the other way around.
It is important to understand the norm and what is intended, in order to align the requirements to the particularities of your organization.
If you want to know more about our service, do not hesitate to contact us.