Software developers and vendors who handle cardholder’s data are required to have their applications audited by PA Qualified Security Auditors to prove their compliance with PA DSS. Our PA QSA can assess and audit your software and applications to achieve compliance. We have developed a comprehensive process carried out in five simple phases.
The process commences with an introduction to Payment Application Data Security Standards endorsed by PCI, their requirements and sub-requirements, followed by a brief explanation of the scope of the evaluation, and in the end, we establish the necessary measures required to implement to achieve PA DSS compliance.
In the next phase, our team performs PA DSS Gap Analysis and detect any deviations present in your application, its development, testing process, deployment, and support procedure so that you have an opportunity to take corrective action prior to the certification process. Our QSA can also perform Pentest or Secure Code Review, depending
Subsequently, our team conducts a formal On-site Assessment to verify that you have successfully implemented the PA DSS requirements. All the observations, test results, and correction action recommendations (if any) are documented and provided to you, offering you an opportunity to rectify the issues. A follow-up review is also performed to confirm that everything is in order, and then we issue the official assessment report to you. Once you approve the report, we forward it to the PCI council for review. A PA DSS Certificate of Compliance is issued when the PCI council confirms successful compliance.
Once certification is awarded, we will support you in monitoring and maintaining the compliance status, we’ll review the status on quarterly or yearly basis.
We will also assist in the re-recertification process, in case there are some changes in your certified software. Our QSA will follow an adjusted assessment process and document the changes and issue a new certificate once the PCI Council approves the updated report.