Security Consulting
PCI Onsite Audit | Secure Application | Cyber Security Services

PCI Onsite Audit


Visa, MasterCard, Discover, American Express and JCB require many merchants and service providers that store, process or transmit credit card data to maintain a detailed security assessment conducted by a PCI Security Standards Council-certified Qualified Security Assessor (QSA). If your organization is found to be out of compliance, card issuers can levy substantial fines and even suspend your ability to process payment card transactions-which could cause you to lose billions of dollars and countless customers. Many organizations have achieved QSA certification status, but few have a wide range of experts able to use their knowledge of all facets of security and compliance in order to add value to their assessments and to ensure that remediation occurs. Choosing a QSA that can certify your organization and respond to your unique needs and budgetary constraints can be a challenge.


Secure Application's PCI Onsite Audit helps fulfill the PCI DSS requirement for an annual onsite audit by a third-party assessor. We perform the onsite audit, which includes all processes, architectures and IT controls defined by the PCI DSS, and provide the Report on Compliance (RoC) needed to satisfy audit requirements. Following a PCI DSS assessment, if you are found to be out of compliance, we will provide remediation recommendations and services. After revalidation, we will issue a new, validated RoC, verifying that your organization is fully compliant.

  • Avoids fines and interruptions to payment card transactions
  • Minimizes risk of breaches and fraud.
  • Fulfills annual onsite PCI DSS audit requirement
  • Provides access to comprehensive PCI DSS compliance expertise
  • Identifies and remediates noncompliant solutions and processes
  • Provides access to your own personal PCI DSS compliance advocate

Secure Application's PCI Onsite Audit services, covering all processes, architectures, and IT controls, include:

  • QSA assessments
  • Ingress, storage and egress point discovery for systems that transmit, process or store cardholder data
  • Data flow diagram creation based on the discovery phase, done in conjunction with qualitative interviews of the relevant business units, system-level reviews and network-level reviews
  • Gap identification and analysis
  • Revalidation assessments following remediation
  • Certified RoC documents