Skip to main content

PCI Compliance

Organizations that process, store, or transmit credit card payment data are responsible for achieving and maintaining compliance with the Payment Card Industry (PCI) Data Security Standard (DSS). Like many compliance mandates, PCI DSS can be complex, especially for large enterprises. Focal Point has been a PCI QSA and ASV for more than a decade, and we have performed hundreds of PCI DSS compliance engagements for organizations of all sizes.  Let our experts guide you through the process.

Need help planning your next PCI assessment?

Check out our PCI DSS scoping guide!

Image removed.

The Focal Point Team

Focal Point has been a PCI QSA­ and an ASV since 2006, and nearly every member of our PCI team has earned the individual QSA designation. Our team of certified QSAs have worked together to support some of the largest organizations in the world.  Our goal is – and always has been – to provide sustainable PCI solutions that deliver a high return on investment and strengthen the overall security of your company.  

With Focal Point as your trusted PCI Advisor, you have the industry expertise and real-world experience to develop a robust PCI compliance program.

PCI QSA Certification


PCI ASV Certification


The Value of Focal Point PCI DSS Assessment

The PCI DSS requirements are an essential starting point for merchants that accept credit card payments.  While compliance with PCI DSS shields your company from liability, it does not represent a complete protection of your cardholder data.  Because a single breach can have such devastating impacts on your business, Focal Point prefers to serve as a trusted partner for our PCI clients, rather than simply a one-time assessor.  Our combination of compliance, penetration testing, IT risk and infrastructure expertise offers our PCI clients the unique opportunity to substantially strengthen their defenses through the PCI assessment process.  

Many leading companies have chosen Focal Point as their trusted partner in PCI compliance. Benefits include:    

  • Protect your business and limit liability with a successful Report on Compliance
  • Reduce compliance costs by integrating PCI requirements with other compliance mandates
  • Streamline security by partnering with Focal Point for related projects, including risk assessments, penetration testing, and network segmentation
  • Improve real-world security along with achieving PCI compliance
  • Leverage the experience of a proven PCI QSA and ASV with a decade of experience
  • Know where you stand with our detailed roadmap to compliance, which includes an achievable step-by-step breakdown
  • Get an accurate picture of your risks with a report that ranks areas of non-compliance by risk level


Focal Point provides services to meet all of the PCI DSS requirements, including network architecture, system configuration, security management, policies, procedures and other critical security measures.

Annual Onsite Audit

Our team compares each requirement of the PCI DSS with your current practices to determine your compliance, and can issue a ROC and an AOC, if compliance has been achieved.

Gap Analysis and Compliance Roadmap

Our team walks through the PCI DSS and holds current practices against DSS requirements to determine any holes in compliance. Following our evaluation, we provide a detailed gap ­analysis that ranks areas of non-compliance by risk level along with detailed steps to remediate these gaps.

Remediation Assistance

Our team provides subject matter expertise as you take steps to remediate any gaps in compliance.

Self Assessment Questionnaire Assistance

Once you feel confident that your organization is compliant, our team will walk through the self assessment questionnaire with you and help you develop the best response and determine if there are any weak points in compliance.    

Continued Compliance Programs

Once your organization is deemed compliant by the SSC, our team will provide ongoing support to ensure that new policies, procedures, and applications meet compliance requirements, and also advise on any ongoing security initiatives that may affect compliance each year.

ASV and Internal Network Scans

As a certified ASV, Focal Point's team is equipped to provide quarterly external scans of your cardholder data environment (CDE) and internal network scans to detect any vulnerabilities and malicious threats to your network.

Secure Network and Systems Architecture Assessment

Our team evaluates the architecture design of your network environment to determine its compliance with DSS standards and corrects any existing architecture design flaws.

Penetration Testing

Our team attempts to gain access to our your physical or logical infrastructures by using unknown (black box), partially known (gray box), or known (white box) methods. Each asset undergoes a comprehensive attack, and the results are evaluated and prioritized.

Web and Mobile Application Assessments

Using a hybrid approach of both automated and skilled manual analysis, our team does a comprehensive test of the enabled security controls meant to protect the application's exposed user interface.

Wireless Analysis

Our team tests your encryption and authentication technologies so you can protect the confidentiality of wireless transmissions and monitor and control unauthorized network access.


tweets by @FocalPointDR

Loading Tweets...