SOFTWARE VENDOR
YOUR PATH TO COMPLIANCEYOUR CERTIFICATION PROCESS
Our PCI PA-DSS security audits are based on the requirements of the PCI Security Standards Council and are structured into the following phases:
During the course of a PCI PA-DSS Scope Workshops we introduce you to the contents of the PCI PA-DSS. While doing so, we discuss the applicability of the individual PCI PA-DSS requirements with you, define the assessment scope and determine the next steps to be taken to achieve PCI PA-DSS together.
We verify compliance with the requirements of the PCI PA-DSS during a PCI PA-DSS Gap Analysis to prepare you optimally for the final certification. This enables you to detect existing deviations in applications as well as development, testing, deployment and support processes at an early stage, and to correct them before the official PCI PA-DSS certification takes place. In addition, we offer to perform a security analysis of the application in the form of a Penetration Test as well as a Secure Coding Training for software developers and quality engineers as required by the PCI PA-DSS.
The PCI PA-DSS certification consists of an On-Site Assessment performed by a usd expert. We specify the actual test scope and the testing procedure in advance together with you. The assessment is a formal process to validate your implementation of the PCI PA-DSS requirements. We document the results of the on-site audit including recommended corrective action, if required. You then have the opportunity to correct existing deviations from PCI PA-DSS requirements. Subsequently, we perform a selective follow-up test (re-testing). Simultaneously, we issue the official assessment report. After the report has been approved by you, we forward it to the PCI Council for review. Following successful confirmation of compliance, we will issue a PCI PA-DSS certificate and a seal of approval for you to use on your own website.
Following the successful PCI PA-DSS certification, we will support you in maintaining compliance by performing Quarterly Workshops. We will discuss PCI PA-DSS-relevant changes within your company as well as changes to the security standard itself with you and suggest measures to maintain PCI PA-DSS compliance.
Changes to certified software can be assessed and published through a re-certification process. During this process, one of our auditors assesses the relevant software changes and conducts an adjusted re-certification process. The auditor then forwards the results to the PCI Council. We support you with re-certifying all types of changes according to the PCI PA-DSS Program Guide (High Impact, Low Impact, No Impact, Administrative). New software versions can therefore be re-certified and submitted to the PCI Council for listing at calculable cost.