PCI Compliance Penetration Testing

SKU: 4573
Format: Compliance Penetration Testing

Requirement 11 of the PCI DSS describes the need to regularly and frequently carry out tests to identify unaddressed security issues and scan for rogue wireless networks. Regular testing is fundamental to ensuring that an organisation is prepared for the full range of attacks that companies have to face. 

 COVID-19: remote delivery options

We would like to reassure our clients that all training and consultancy services will go ahead as scheduled during the current COVID-19 situation. As a company that fully embraces flexible and remote working, we are adjusting our delivery methods to allow us to provide consultancy services, penetration tests and training remotely where necessary. Please also refer to our COVID-19 policy. 

For more information about this service or to get a tailored quote for your organisation, please enquire below and one of our experts will be in touch shortly.

IT Governance’s PCI compliance penetration tests aim to assess your security systems, public-facing devices and systems, databases and other systems that store, process or transmit cardholder data to discover your vulnerabilities before cyber criminals do.

Our penetration testing service will help you to determine whether and how a malicious user could gain unauthorised access to assets that affect the fundamental security of the system, files, logs and/or cardholder data; and confirm that the controls required by the PCI DSS are in place and effective.

Once identified, all vulnerabilities are presented in a format that allows an organisation to assess their relative business risk and the cost of remediation.

Your challenge

PCI DSS Requirements 11.4.1 and 11.4.2 state that internal and external penetration testing must be performed at least annually and after any significant changes – for example, infrastructure or application upgrades or modifications, or after installing new system components. Requirement 11.4.5 requires penetration testing of network segmentation controls.

Many organisations do not regularly test the security controls governing their network and Internet-facing applications, which can leave vulnerabilities for criminal hackers to exploit. Yet it is widely known that payment card data is usually the primary target in attacks against commercial environments.


Our penetration tests will help you:

  • Gain real-world insight into your vulnerabilities;
  • Meet the obligations of the Standard;
  • Assess the effectiveness of security controls in a safe but realistic manner; and
  • Identify how a system that stores, processes or transmits payment card data could be breached.

Our service offering

  • A review of the testing environment to assess your network and identify information that would be useful to a hacker.
  • A range of manual tests using a methodology closely aligned with the Open Source Security Testing Methodology (OSSTM).
  • A series of automated vulnerability scans.
  • Immediate notification of any critical vulnerabilities to help you take action quickly.
  • A detailed report that identifies and explains the vulnerabilities (ranked in order of significance).
  • A list of recommended countermeasures to address any identified vulnerabilities.
  • An executive summary that explains what the risks mean in business terms.

Why choose us?

  • Penetration tests should only be carried out by experienced consultants with the necessary technical skill set and qualifications. Our consultants have strong technical knowledge and a proven track record in finding security vulnerabilities; they can carry out exploits in a safe manner and advise on appropriate mitigation measures to ensure that your systems are secure.
  • Our CREST (Certified Register of Ethical Security Testers) certified penetration testing team will provide you with clarity, technical expertise and peace of mind knowing that your external network has been reviewed by experienced testers in line with your business requirements.