ControlScan: Many IT Leaders Unprepared For First PCI QSA Assessment

June 26, 2018

ATLANTA, June 25, 2018 -- ControlScan, a leader in managed security and compliance solutions that help secure networks and protect payment card data, has published a new educational white paper aimed at helping IT leaders save considerable time and money when engaging a Payment Card Industry Qualified Security Assessor (PCI QSA). “Preparing for Your First PCI QSA Assessment: 7 Steps to Uncomplicated Compliance” addresses the company’s observation that many businesses are not clear on the steps to prepare for a PCI QSA assessment. 

“Approximately 40-50% of the companies that contact us to perform their QSA-led assessment haven’t yet laid the necessary groundwork for the assessment to be a success,” said Marc Punzirudu, Director of Security Consulting Services, ControlScan. “Failure to prepare is a recipe for disaster, because it complicates and extends the auditing process well beyond what anyone intended.” 

The new ControlScan white paper helps CIOs and CISOs understand the investment of resources required to properly prepare for their first QSA assessment. It covers the common reasons companies fail to achieve PCI compliance, how QSAs approach assessment engagements, and the seven key steps to a PCI-compliant QSA assessment.

“It’s a common misconception that the QSA will provide not just the assessment, but also the means for compliance,” said Punzirudu. “Such an arrangement, however, creates a conflict of interest for the QSA company. An auditor can’t be the party charged with assuring compliance.” 

Companies with more than 6 million credit card transactions per year are considered PCI DSS Level 1 and are therefore required to undergo an annual PCI QSA assessment. Other companies voluntarily complete the QSA assessment for a variety of reasons, including the ability to leverage the QSA-issued Report on Compliance (ROC) as a competitive differentiator. 

“These days it’s commonplace for security and compliance to take center stage in business development conversations,” Punzirudu said. “We’ve worked with several organizations whose prospective customers asked for a current ROC as part of their service-provider agreements.” 

The “Preparing for Your First PCI QSA Assessment: 7 Steps to Uncomplicated Compliance” white paper is now available for free download in the Knowledge Center

For more information about ControlScan and its managed security and compliance solutions, please visit

About ControlScan
ControlScan managed security and compliance solutions help secure networks and protect payment card data. Our “We’ve Got Your Back” promise supports thousands of companies by combining deep-seated expertise with superior technologies for services such as managed UTM firewall, network log monitoring and management, and advanced endpoint security. Processors, acquirers, ISOs and payment facilitators also utilize our strategic PCI compliance programs to reduce portfolio risk and strengthen merchant relationships. 

Headquartered in Atlanta, ControlScan is globally connected through a worldwide base of customers, partners and strategic alliances. Our team has over 25 industry certifications, and ControlScan is a certified Level 1 compliant PCI-DSS Service Provider. For more information about our company and its solutions, please visit

Editor’s Note: confirmed with source that this is relevant to vending companies that contract with credit card processors in order to take credit card payments.