Regularly testing the security of systems and processes in the form of vulnerability scanning and penetration testing has always been a requirement for complying with the PCI DSS (Payment Card Industry Data Security Standard).
The Standard requires system components, processes and custom software to be frequently tested to ensure security is maintained.
IT Governance is a CREST-accredited provider of security testing services.
Our range of testing services enable organisations of all sizes to effectively improve protection of the card data environment.
Our consultants can support:
- PCI ASV (Approved Scanning Vendor) scanning;
- Web application penetration testing;
- Internal and external infrastructure testing;
- Mobile application and device security;
- Wireless network testing;
- Simulated social engineering tests;
- Build reviews; and
- IT health checks.
Speak to a PCI DSS expert
Get in touch with one of our specialists today for more information about our PCI DSS consultancy and technical security services, or to get a tailored quote for your organisation.
Speak to an expert
Discover our range of PCI technical security services
Our consultants will be able to advise you on how PCI DSS testing requirements apply to your organisation.
PCI Compliance Penetration Testing
PCI requirement 11.3.1 and 11.3.2 requires certain organisations to perform penetration testing at least annually and after any significant changes.
This can help determine whether and how a malicious user could gain unauthorised access to assets that affect the fundamental security of the system, files, logs and/or cardholder data.
Our PCI compliance penetration tests assess your security systems, public-facing devices and systems, databases and other systems that store, process or transmit cardholder data to discover your vulnerabilities before cyber criminals do.
Find out more
PCI ASV scanning
PCI requirement 11.2 requires organisations to run internal and external network vulnerability scans at least quarterly, and after any significant change in the network.
Conducting vulnerability scans helps identify vulnerabilities and misconfigurations of websites, applications, and IT infrastructures that have Internet-facing IP addresses.
Our scanning service performs highly accurate scanning of your externally facing systems as required by the PCI DSS. It runs more than 60,000 tests on your organisation’s servers and network, and provides clear advice on how to fix any security vulnerabilities.
Find out more