PCI Compliance Penetration Testing

SKU: 4573
Format: Compliance Penetration Testing

Requirement 11 of the PCI DSS (Payment Card Industry Data Security Standard) describes the need to regularly and frequently carry out tests to identify unaddressed security issues and scan for rogue wireless networks. Regular testing is fundamental to ensuring that an organisation is prepared for a range of attacks.

Buy now, pay later! Enjoy the benefits of paying by purchase order with an IT Governance corporate account. Apply online today or call our service centre team on +44 (0)333 800 7000.

For more information about this service or to get a tailored quote for your organisation, please enquire below and one of our experts will be in touch shortly.

IT Governance’s PCI compliance penetration tests aim to assess your security systems, public-facing devices and systems, databases, and other systems that store, process or transmit cardholder data in order to discover your vulnerabilities before cyber criminals do.

Our penetration testing service will help you determine whether and how a malicious user could gain unauthorised access to assets that affect the fundamental security of your system, files, logs and/or cardholder data, and confirm that the controls required by the PCI DSS are in place and effective.

All identified vulnerabilities are presented in a format that allows your organisation to assess its relative business risk and the cost of remediation.

Your challenge

PCI DSS Requirements 11.3.1 and 11.3.2 state that penetration testing must be performed at least annually and after any significant changes – for example, infrastructure or application upgrades or modifications, or after installing new system components. Organisations that do not regularly test the security controls governing their network and Internet-facing applications leave vulnerabilities for criminal hackers to exploit, and payment card data is usually the primary target in attacks against commercial environments.



Our penetration tests will help you:

  • Gain real-world insight into your vulnerabilities;
  • Meet the obligations of the PCI DSS;
  • Assess the effectiveness of security controls in a safe but realistic manner; and
  • Identify how a system that stores, processes or transmits payment card data could be breached.
Our service offering

Meet the penetration testing requirements of the PCI DSS with our comprehensive web application, infrastructure or wireless network penetration tests.

| Merchants/service providers | Quarterly* external vulnerability scan (ASV) | Quarterly* internal vulnerability scan | Annual** penetration test (Level 2) | Quarterly wireless network analysis | Annual web application vulnerability scan¹ |
|---|---|---|---|---|---|
| | Req. 11.2.2 | Req. 11.2.1 | Req. 11.3 | Req. 11.1 | Req. 6.6 |
| RoC | Yes | Yes | Yes ++ | Yes | Yes |
| SAQ D for merchants | Yes | Yes | Yes | Yes | Yes |
| SAQ D for service providers | Yes | Yes | Yes ++ | Yes | Yes |
| SAQ C | Yes | Yes | Yes # | Yes | Yes |
| SAQ C-VT | | | Yes # | | |
| SAQ P2PE-HW | | | | | |
| SAQ B | | | | | |
| SAQ B-IP | Yes | | Yes # | | |
| SAQ A-EP | Yes | Yes | Yes + | | Yes |
| SAQ A | | | | | |

* Or after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, product upgrades).
** Or after any significant infrastructure or application upgrade or modification (such as an operating system upgrade, a subnetwork added to the environment, or a web server added to the environment).
# Only required for testing network segmentation if any is present.
+ Only external penetration test required.
++ For service providers, any network segmentation must be tested every six months.
¹ Or after any change to the application. Applicable if developing own applications or using a third-party non-PCI-certified web application.

Why choose us?

  • Penetration tests should only be carried out by experienced consultants with the necessary technical skill set and qualifications. Our consultants have strong technical knowledge and a proven track record in finding security vulnerabilities. They can carry out exploits in a safe manner and advise on appropriate mitigation measures to ensure your systems are secure.
  • Our CREST (Council of Registered Ethical Security Testers)-certified penetration testing team will provide you with clarity, technical expertise and peace of mind knowing that your external network has been reviewed by experienced testers in line with your business requirements.
