The PCI compliance standard is a “Narrow but Deep” assessment standard. Crimson is able to provide all levels of assessments to both Merchants and Service Providers.

Crimson Security Inc.’s PCI assessments evaluate the security posture of the organization against requirements derived from the PCI standard. The assessment also includes vulnerability scans, both internal scans of systems and devices and external scans.

Crimson’s process endeavors to ensure an end result of 100% PCI compliance by engaging with our clients using the following steps:

  • Crimson conducts PCI-compliant penetration testing remotely using virtual machines (for internal and external tests)
  • Initial conference call to discuss project scoping and business and security analysis
  • Onsite PCI gap analysis
  • Final onsite PCI-specific audit once the remediation plan has been fully implemented
  • Issuance of fully compliant ROC to client and PCI

*Crimson Security is a fully qualified QSA.