Top 5 Quality Criteria for an Approved Scanning Vendor (ASV)

28 August 2019

Corinna Reinheimer, who is in charge of ASV scans at usd AG, tells us the five most important characteristics you should consider when choosing your PCI scanning partner.

Top 1: Comprehensive experience

Employees working in security analysis and vulnerability management need comprehensive professional experience so that they can propose proper solutions to security findings.

Top 2: Competent customer support

To answer all questions that may arise in a timely manner, and preferably in the local language, the ASV should have easily reachable customer support with trained staff.

Top 3: Unlimited number of re-scans

If a scan does not yield a successful result (“compliant”) on the first try, the customer is required to conduct re-scans after remediating the findings. New security vulnerabilities are being discovered on a daily basis and the list of vulnerabilities a scanner must search for is updated constantly. Therefore, a re-scan may discover some new vulnerabilities that need to be remediated for the scan to yield a “compliant” result. With unlimited re-scans, each vulnerability can be processed individually and the compliance status of the scan can be checked immediately afterwards.

Top 4: A reliable platform

The customer should be able to manage scans independently of the ASV's service times. This requires a web-based platform that allows the customer to complete tasks such as ordering, planning and processing scans at any time. Ideally, the customer can also complete Self-Assessment Questionnaires (SAQs) and submit assessment reports via the platform, so that all documents required for validating PCI compliance are in one place.

Top 5: Extensive PCI consulting and certification services

A company offering ASV services should have comprehensive expertise. Ideally, the company providing the service is not only an ASV, but also an accredited assessor of PCI Security Standards. This way, a customer can be sure of receiving competent advice and expert answers to all their questions about the steps they need to take to validate PCI compliance.

Do you need assistance?

As an accredited assessor, usd AG advises and certifies companies worldwide in accordance with the requirements of the Credit Card Industry and has been an Approved Scanning Vendor (ASV) accredited by the PCI Security Standards Council for more than 14 years. Companies from all over the world rely on the expertise of our accredited assessors and PCI Competence Center and use the services of our usd PCI Platform.

Find more details about our ASV scans here.
