1. Complete the PCI Self-Assessment Questionnaire using our free, online wizard
- Preliminary questions will help you to determine which 'validation type' your company fits into and therefore which of the 4 self-assessment questionnaires you need to complete.
- Each of the questions is accompanied by expert help, information and advice that will help you to both interpret the question correctly and provide the appropriate answer.
- Once the wizard is complete, you will receive:
  - A questionnaire summary detailing any control areas on which you failed compliance
  - A custom 'Remediation Plan' for your company containing a list of remedial actions that you need to take alongside links to recommended products and services that will help you resolve non-compliant areas.
  - A 'ready-to-submit' PCI DSS Self Assessment Questionnaire which will include your completed 'Attestation of Compliance'
2. Conduct quarterly vulnerability scans on your externally facing IP addresses
If your organization is required to be compliant with section 11.2 of the PCI standard then you will also need to obtain quarterly vulnerability scans on your network.
HackerGuardian will conduct an in-depth audit of your network to detect vulnerabilities on your network and web-server. If your servers fail the test, you will find lots of helpful advisories in the scan report that will help you patch the security holes.
After your infrastructure passes the scan, HackerGuardian will automatically generate the PCI Compliance report that you need to send to your acquiring bank to demonstrate your compliance.
Find out more about HackerGuardian PCI Scanning Services.
3. Send the completed questionnaire, attestation of Scan Compliance report and Executive Report to your acquirer.
The attestation, the Executive Report and the Annual Self Assessment Questionnaire should be turned in to your merchant bank. Your merchant bank will then report back to the Payment Card Industry that your company is PCI Compliant.