PCI Compliance

The PCI DSS is the benchmark for securing payment card data, but compliance with the PCI DSS can be complicated, especially for large, global organizations.
Securing your CDE

Securing Your CDE

Focal Point has been a Payment Card Industry (PCI) Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV) for more than 14 years. We have helped some of the biggest retailers in the world align their policies, procedures, and technologies with the PCI Data Security Standard (DSS). Leveraging our expertise in PCI compliance, penetration testing, and IT risk, Focal Point can help you pinpoint gaps in compliance and address them quickly.

Our Services

We don’t just tick off the boxes. We partner with our clients to ensure their cybersecurity programs have strong policies and processes in place that comply with the PCI DSS.

Annual Onsite Audit

Our team compares your current practices against each requirement of the PCI DSS to evaluate your compliance, ending with an ROC and AOC, if compliant.

Contact Us
01 ROC Services
02 AOC Services
03 DSS Expertise

Gap Analysis

Our team identifies gaps in compliance, provides a detailed report that ranks areas of non-compliance by risk level, and offers detailed steps to remediate each gap.

Contact Us
01 Gap Identification
02 Compliance Roadmap
03 Expert Support


Our team provides subject matter expertise as you address gaps in compliance and build a stronger cybersecurity program.

Contact Us
01 Subject Matter Expertise
02 Policy Development
03 Process Improvement

Continued Compliance

Our team can provide ongoing support to ensure that new policies, procedures, and applications meet compliance requirements.

Learn More
01 Program Updates
02 Annual Audits
03 Expert Advisory

ASV Scanning & Pen Testing

As a certified ASV, we can provide quarterly external scans of your CDE and internal network scans to detect any vulnerabilities within your network. Our team can also test and improve the security of your organization by pinpointing and prioritizing crucial weaknesses and vulnerabilities within your network

Learn More
01 Pen Testing
02 ASV Scanning
03 Segmentation Validation

PCI in the Cloud

Our team can help you asses your cloud environment and align cloud resources with the requirements of the PCI DSS.

Learn More
01 Gap Analysis
02 Compliance Roadmap
03 Remediation Testing

Different from the Rest

Focal Point has helped dozens of retailers, hospitality groups, and others achieve and maintain PCI compliance. Here’s how:

Full Suite of Services

PCI audits are just one arrow in our quiver. From remediation assistance to pen testing, we can help you build a best-in-class security program.

Partnerships Built on Trust

We’re more than just your QSA. We’re your partner. We will work alongside you to help identify issues and address gaps in compliance.

More than a Checked Box

We're not here to check boxes. Cybersecurity is our passion, and we will work hard to ensure your processes, policies, and technologies are secure.
Have a question?

Contact Us

Focal Point is excited to take on your biggest data risk challenges. If you'd like to speak to a Focal Point expert or inquire about our services, please fill out the following form.
Featured Case Study

A PCI Audit for a Major Retailer

One of the largest privately held regional retail corporations in the United States engaged Focal Point as its PCI QSA to perform its annual PCI compliance audits.

Learn More
In annual audit costs
In the total time to complete the audit
PCI Compliance 2

Six Questions to Ask Your PCI QSA

While organizational factors like budget, leadership buy-in, and technology ultimately have the biggest impact on PCI compliance, your relationship with your PCI Qualified Security Assessor (QSA) can shape your compliance success. Regular discussions with your PCI QSA on scoping, compliance in the cloud, remote assessments, and security threats can help you achieve compliance more efficiently. In this blog post, we look at six questions you should ask your PCI QSA as you prepare for PCI compliance in 2021.

Read Now