Top 5 Quality Criteria for an Approved Scanning Vendor (ASV)

28 August 2019

Corinna Reinheimer, who is in charge of ASV scans at usd AG, tells us the five most important characteristics you should consider when choosing your PCI scanning partner.

Top 1: Comprehensive experience

Employees in the fields of security analyses and vulnerability management require comprehensive professional experience in order to ensure they can propose proper solutions to security findings.

Top 2: Competent customer support

To be able to answer all questions that may arise in a timely manner and preferably in the local language, the ASV should have easily reachable customer support with trained staff.

Top 3: Unlimited number of re-scans

If a scan does not yield a successful result (“compliant”) on the first try, the customer is required to conduct re-scans after remediating the findings. New security vulnerabilities are being discovered on a daily basis and the list of vulnerabilities a scanner must search for is updated constantly. Therefore, a re-scan may discover some new vulnerabilities that need to be remediated for the scan to yield a “compliant” result. With unlimited re-scans, each vulnerability can be processed individually and the compliance status of the scan can be checked immediately afterwards.

Top 4: A reliable platform

The customer should be able to manage scans independently of the ASV's service hours. This requires a web-based platform that allows the customer to complete tasks such as ordering, planning and processing scans at any time. Ideally, the customer can also complete Self-Assessment Questionnaires (SAQs) and submit assessment reports via the platform to have all documents required for validating PCI compliance in one place.

Top 5: Extensive PCI consulting and certification services

A company offering ASV services should have comprehensive expertise. Ideally, the company providing the service is not only an ASV, but also an accredited assessor of PCI Security Standards. This way a customer can make sure to receive competent advice and expert answers to all their questions regarding the steps they need to take to validate PCI compliance.

Do you need assistance?

As an accredited assessor, usd AG advises and certifies companies worldwide in accordance with the requirements of the Credit Card Industry and has been an Approved Scanning Vendor (ASV) accredited by the PCI Security Standards Council for more than 14 years. Companies from all over the world rely on the expertise of our accredited assessors and PCI Competence Center and use the services of our usd PCI Platform.

