Read to learn who the top QSAs are for higher education, what they do best, their pricing, what their customers are saying, and more.
If you work for a college or university and are in charge of PCI, you understand the importance of selecting the right partner for your PCI assessment. In fact, universities face some of the most distinctive challenges when choosing a PCI QSA.
To simplify this process, I’ve created a list of PCI QSAs and their benefits to help you evaluate your options.
What they're known for: SecurityMetrics is a full-service PCI Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV) with 20+ years of experience conducting PCI audits for universities. SecurityMetrics also offers ecommerce solutions, ASV scanning, penetration testing, PCI programs, training, PCI policies, and much more. If you're looking for an assessor with extensive audit experience in the university space who offers more than just assessments, SecurityMetrics is a good fit for your university.
SecurityMetrics has several qualities that make them an excellent match for universities that need to reach PCI compliance. These include:
SecurityMetrics is a good choice if you need not only a Report on Compliance (ROC) but also other tools and services to meet PCI requirements, backed by industry-best compliance products.
“SecurityMetrics is an integral part of the team in our PCI program. We depend on the assessors to make sure that we stay on the compliance track. They do it by developing relationships across campus, discussing upcoming projects or application changes, and being available to us for consulting. They are knowledgeable, helpful, and help us keep the campus engaged by their friendly demeanors.” (Robbyn Lennon, University of Arizona).
“It’s been a great partnership during my ten years working with SecurityMetrics. I appreciate the knowledge of the assessors and compliance experts and how they work well with all the departments at USC. If I have questions, I get answers quickly from SecurityMetrics support. I feel more peace of mind partnering with SecurityMetrics because of their extensive background working with universities and their complex environments.” (Richard Mariscal, University of Southern California).
“SecurityMetrics’ deep understanding of the PCI DSS requirements combined with their ability to apply the standards to our specific landscape built credibility with our campus stakeholders and allowed us to confidently report our compliance.” (Carnegie Mellon University, PCI DSS compliance project team).
SecurityMetrics has a PCI Audit Price Range Estimator that lets you input your specific requirements and needs to determine a range of what a PCI audit could cost your university. SecurityMetrics is one of the few vendors with this type of transparent pricing.
What they're known for: CampusGuard is a cybersecurity firm specializing in campus-based security. CampusGuard is known for its exclusive focus on the campus and higher education sector.
What makes CampusGuard a good PCI compliance match for universities?
CampusGuard has several offerings that make them a good match for universities, including:
CampusGuard is a good choice if your primary need is hyper-specialized, relationship-driven compliance management within the unique higher education context.
“CampusGuard delivered a custom report that provided a complete picture of any exploitable vulnerabilities, as well as a clear, actionable remediation strategy to strengthen the Inn’s security posture.” (Goodman, Virginia Polytechnic Institute).
Currently, CampusGuard offers no price range for its PCI assessments. Those interested will need to contact them directly for a quote.
RSI Security operates within the university PCI space as a comprehensive cybersecurity and compliance partner, offering a robust set of services that go beyond just the annual audit. While not as focused on higher education as SecurityMetrics or CampusGuard, they have a proven track record, enabling them to address the unique challenges universities face. RSI offers PCI as a service instead of traditional PCI assessments for compliance.
RSI Security has several offerings that make them a good match for universities, including:
In summary, while CampusGuard shines in its higher education-specific focus and SecurityMetrics offers a comprehensive suite of PCI-specific tools, RSI Security's strength lies in its broader and deeper cybersecurity expertise, combined with a highly proactive, continuous PCIaaS model.
“Peter worked with me to make sure I had concrete plans and evidence to bring to management. I could tell them I knew what would work, and how, with confidence,” and “Looking down the line at potential compliance questions, like with FISMA, we can say we’ve implemented the underlying infrastructure that keeps all sensitive data safe.” (Mike Zimmerman, Macomb Community College).
Universities that want to purchase RSI’s PCIaaS will need to contact them directly for a quote.
If you just need external PCI ASV scanning and reporting, RSI lists that cost as $2,575.00.
I’ve often found that the first step to choosing a great PCI partner is a deep understanding of what your university specifically needs.
For example, a large university with multiple campuses is going to have vastly different needs than a smaller community college. And yet, some problems seem to be universal within the higher-education sphere, so identifying your concerns is a great place to start.