Regularly testing the security of systems and processes in the form of vulnerability scanning and penetration testing has always been a requirement for complying with the PCI DSS (Payment Card Industry Data Security Standard).
The Standard requires system components, processes and custom software to be tested regularly to ensure security is maintained.
IT Governance is a CREST-accredited provider of security testing services. Our range of testing services enables organisations of all sizes to improve the security of their cardholder data environment.
Our consultants can support:
- PCI ASV (Approved Scanning Vendor) scanning;
- Web application penetration testing;
- Internal and external infrastructure testing;
- Mobile application and device security;
- Wireless network testing;
- Simulated social engineering tests;
- Build reviews; and
- IT health checks.
Speak to a PCI DSS expert
Get in touch with one of our specialists today for more information about our PCI DSS consultancy and technical security services, or to get a tailored quote for your organisation.
Request a quote
Our PCI technical security services
Our consultants will be able to advise you on how PCI DSS testing requirements apply to your organisation.
PCI Compliance Penetration Testing
PCI DSS Requirements 11.3.1 and 11.3.2 requires certain organisations to perform penetration testing at least annually and after any significant changes.
This can help determine whether and how a malicious user could gain unauthorised access to assets that affect the fundamental security of the system, files, logs and/or cardholder data.
Our PCI compliance penetration tests will assess your security systems, public-facing devices and systems, databases and other systems that store, process or transmit cardholder data to discover your vulnerabilities before cyber criminals do.
Find out more
PCI ASV scanning
PCI DSS Requirement 11.2 requires organisations to run internal and external network vulnerability scans at least quarterly, and after any significant change in the network.
Conducting vulnerability scans helps identify vulnerabilities and misconfigurations of websites, applications, and IT infrastructures that have Internet-facing IP addresses.
Find out more