Payment Application PA-DSS Assessment Services

A PA DSS Assessment is conducted by a PA-QSA-certified auditor ensuring accurate and proper assessment of your application.

 

Who Needs a PA DSS Assessment?

 Software vendors and others who develop payment applications that store, process, or transmit cardholder data as part of authorization or settlement, where these payment applications are sold, distributed, or licensed to third parties.

What is PA DSS Assessment?

The scope of our PA DSS Assessment includes a thorough review of all requirements as defined in Payment Application DSS Standard. The PA-QSA-certified auditor will prepare a detailed gap analysis and remediation plan to ensure compliance for the actual audit. Arsenal utilizes a proprietary application that provides detailed questionnaires, checklists and scoring to clearly identify areas of concern

PA DSS Assessment Services Engagement Process and Deliverables

After an initial call, the Arsenal Security Group Senior Information Security Professional will prepare a statement of work within 2 days and we normally can begin an engagement within two weeks. During the engagement we will use interviews, questionnaires, physical tours and technical tools to develop our assessment. One of our Senior Information Security Professionals will lead the engagement working with one of our PA-QSA-certified auditors. We will provide an executive summary, a detailed report with all of our findings and recommendations, and a final onsite presentation. Our engagement is not complete until all of our deliverables have been reviewed and accepted by our client.

About Arsenal Security Group
Arsenal Security Group is a security consulting firm that is focused on close client coordination and collaboration. From the initial meeting through the final presentation, one of Arsenal Security Group’s Senior Information Security Professionals will be the primary contact for all engagement activities.We proactively conduct weekly calls with our client when engaged and meet with clients on a quarterly basis to review and understand their security posture – even when we are not actively engaged on assignment to ensure they are aware of new security risks or regulatory changes they may impact their business.