Official QSA assessment
A QSA assessment is a high-level security audit conducted by an official QSA company. The scope of the audit is determined in all cases by the QSA auditor. AperSky Consulting Llc. is the only Hungarian official QSA company with three QSA auditor colleagues, and consequently offers a full range of PCI DSS QSA assessment services to its customers.
The official QSA assessment service contains the following elements:
- Preparation and scoping
- Delivering gap analysis
- Onsite interview, investigation and revision process
- Collecting assessment evidence
- Documentation of compensating controls
- Completion of overall QSA assessment documentation
- “Report on Compliance” (ROC) document
- “Attestation of Compliance” (AOC) document
- Quality assurance follow-up
SAQ (Self Assessment Questionnaire) validation
The annual PCI DSS audit is not mandatory for every market player concerned: below a certain number of transactions or amount of managed cardholder data, performing a “Self Assessment Questionnaire” (SAQ) is acceptable.
During the Self Assessment, merchants or service providers have to perform a self-examination and evaluation on the basis of the ASV scans. The completed SAQ, including the Attestation of Compliance, must be submitted to the payment brand.
In this case it is not obligatory to involve a QSA assessor in the process, but it is strongly recommended for the formal validation of the questionnaire. In the Self Assessment phase, officially determined types of questionnaires must be filled in.
Our SAQ services contain the following activities:
- Help our customer to choose the relevant SAQ type
- Validate and countersign the SAQ document including the Attestation of Compliance completed by the merchant or service provider