Get help with PCI 6.4.3 and 11.6.1
Learn More
Home
PCI Compliance
Assessment

PCI DSS 4 Onsite Assessment

Pass your PCI 4 audit on schedule.

Two PCI audit experts work together in a server room
Jump to Section
Summary
Features
How it Works
FAQ
Resources
Why SM

Get Expert Guidance on your PCI Assessment

Why would you risk working with inexperienced assessors? Our experts guide you through your PCI assessment–making your life much easier.

SecurityMetrics has been around since the beginning of the PCI DSS. Using over 20 years of auditing experience, you get crafted a process that simplifies and streamlines your work. SecurityMetrics participates in the PCI Council’s GEAR meetings and holds credentials like: QSA, QPA, PFI, ASV, CISSP, CISA, CCSFP, SSF, SSL. You're in good hands.

PCI DSS version 4.0.1 Assessment Features

Your PCI DSS Assessment includes:

A PCI audit coordinator to help ensure you hit deadlines on time.

Proper PCI scoping to help you avoid potential roadblocks

Software to help you never miss another PCI audit task.

A focus to help you pass your PCI audit the first time.

A QSA that pays attention to you so you can get your needs addressed quickly.

Auditors that aren't overbooked so you can get the attention you deserve.

Pre-audit consulting to help you know what's needed to pass your audit.

A QSA that will help you understand how changes affect your PCI compliance now and moving forward.

Get key insights from our team of PCI experts

Pass your PCI audit on schedule

Identify and solve your security needs

Benefit from a custom audit experience based on SecurityMetrics’s years of experience and comprehensive scoping process. With an in-depth understanding of the PCI 4.0 landscape and assessment methods, you can experience responsive guidance before, during, and after your PCI assessment.

Learn from an expert QSA perspective

Be confident in your PCI assessment, knowing that SecurityMetrics QSAs continuously study the latest security trends, so you don’t have to. SecurityMetrics QSAs have completed thousands of PCI DSS audits over the years, ensuring you won’t just get a surface-level assessment. With the full attention of the SecurityMetrics team, you will experience the peace of mind that your issues and vulnerabilities will be addressed and deadlines met.

Get the advice you need with PCI consulting

If you’re not ready for a PCI assessment but want to speak to an expert about your environment, SecurityMetrics now offers PCI Consulting. When you partner with SecurityMetrics for a PCI Consultation, you get:

  • The latest PCI v.4.0 advice
  • Scope Reduction Consulting
  • PCI Gap Analysis (as part of our consulting)
  • Reports with answers to your specific questions

SecurityMetrics QSAs are seasoned professionals with extensive experience in all aspects of PCI, so you can ask in-depth questions and get insightful advice.

Enjoy an on-time PCI 4.0 audit

You shouldn’t have to feel stressed about a looming PCI assessment deadline. SecurityMetrics provides you with a robust project management tool to keep everyone on task and help you:

  • Stay organized by ordering messages and tasks by the requirement they are associated with.
  • See which stage you’re at in your assessment using the project visualization tool.
  • Download reports from your QSAs.
  • Assign team members specific tasks as their administrator, leaving comments on tasks so everyone is informed.
  • Guide your efforts to close your compliance gaps and prepare for your compliance validation assessment.

Stop shopping cart eskimming

Make PCI compliance a breeze with SecurityMetrics Shopping Cart Monitor. Monitor helps you comply with PCI requirements 6.4.3 and 11.6.1. Monitor uses SecurityMetrics Award-winning and patented Webpage Integrity Monitoring Technology. This means less worry and faster PCI compliance.

PCI Assessment Timeline Steps

01

Gap analysis

During this phase, knowledgeable SecurityMetrics QSAs complete an initial gap analysis of your organization's compliance status. After the gap analysis is completed, feedback and remediation checklist items will be shared with you in our online project management tool. Your SecurityMetrics QSAs are dedicated to helping you reach compliance and become fully secure, not to make you feel guilty for any gaps you might have.

02

PCI validation assessment

Your QSA will either work with you remotely to collect evidence or make an in-person visit to your location to assess your compliance to the PCI DSS standard. Your SecurityMetrics audit coordinator makes sure you meet deadlines by moving along your assessment in a timely manner.

03

Remediation and retesting

SecurityMetrics QSAs work with you to fix areas of non-compliance, expediting the retesting process to ensure a timely assessment.

04

Submitting Your AOC and ROC

After remediation and retesting, SecurityMetrics will submit your attestation of Compliance (AOC) and Report on Compliance (ROC) to any required parties, such as the card brand or merchant bank.

SecurityMetrics QSAs have performed 2000+ audits, mastering the audit process

PCI DSS Compliance FAQs

How much time does a PCI assessment take?

If you involve a third-party QSA, this likely means you have a more complex environment or more transactions.

If it’s your first time receiving a PCI audit, you are likely looking at a three-month to a year-long process, depending on readiness. This is due to the discovery process and the significant change it presents to your environment.

There are also customers who have tight deadlines and who are willing to do the hard work of preparation and may be closer to the three-month mark.

How can I increase my likelihood of passing my PCI DSS assessment?

You need vulnerability scanning requirements in hand in order to pass your audit. To pass, you need four quarterly scans and for these to meet compliance requirements. Your audit is done to help you continuously get quarterly passing scans. Make sure you are using an approved scanning vendor for your scans and follow up quickly if you fail a scan.

What is an SAQ for PCI validation?

SAQ stands for self-assessment questionnaire. Depending on an organization’s card transaction volume and the types of transactions it performs, it may be able to use an SAQ to self-evaluate its compliance with the PCI Data Security Standard.

SAQs contain questions about card data security. SAQs range in size from 22 questions (SAQ A) to 329 questions (SAQ D).

How much does a PCI assessment cost?

A PCI assessment can range widely in cost. On the low end, a PCI audit can cost 16-18K. Audits can also cost tens to hundreds of thousands of dollars depending on how many locations you have, how many parties need to be audited, how complex your network is, and so forth.

Even a short call with a SecurityMetrics representative can give you a more accurate estimate of what a PCI audit would cost you.

Does my payment solution make me PCI compliant?

No, PCI compliance is more than the technology you use to process payments. Validating compliance shows that your business handles payment card data safely, in all scenarios. No matter what solution you choose to process payments, whether online or in person, you will still need to validate compliance, even if you use point-to-point encryption. In short, the responsibility is on you to validate that your business handles payment data safely by following the PCI standard.

Resources

The following are related resources that we have prepared for you. Find more answers to your questions in our Learning Center.

download
PCI Onsite Audit
Data Sheet
download
How USC Boosted Security Credibility
Case Study
download
Anedot’s PCI Audit Experience
Case Study
download
InfoSend’s PCI Audit Experience
Case Study
play_arrow
Get Ready for a PCI DSS v4.0 Audit
Webinar
play_arrow
What to Expect from a PCI v4.0 Assessment
Webinar
download
SecurityMetrics Guide to PCI Compliance
Guide

Why choose SecurityMetrics?

Get fully-supported PCI compliance

Learn to get PCI compliant without the confusion–even if you're new to PCI.

If your business accepts, stores, or transmits card data, PCI DSS compliance validation is required by card brands such as Visa, American Express, Mastercard, and Discover.

editor_choice
Award-winning PCI support
Get help with a pre-onsite gap analysis, onsite assessment, remediation assistance, to a delivered PCI Report on Compliance.
sync_saved_locally
Tools to simplify compliance
Get tools to simplify  the compliance process including: scanning, penetration testing, card data discovery, security policies, and security training.
groups
Partner with a full-service vendor
We are one of only a few vendors worldwide that hold credentials for all aspects of PCI compliance.
sell
Straightforward pricing
Your PCI scope is evaluated based on your needs, avoiding unnecessary add-on charges.

Recognition for Outstanding Work

SecurityMetrics has worked hard over the years to provide outstanding products and services. Here are some of the awards the team has won.

The Golden Bridge Award 2020 Gold logo
Global Infosec Award Winner 2024 Logo
Cybersecurity Excellence Award Winner 2023 Logo

20+ years of experience

QSA | PFI | ASV | P2PE | SSF | SLC | 3DS | QPA | PCIP

PCI Qualified Security Assessor logo
HITRUST Authorized CSF Assessor logo
CISSP logo
HCISPP logo
CISA logo

See how we've helped our clients succeed

When you succeed, we succeed. That's why we pay such close attention to detail and provide award-winning support. Let's work together!

TESTIMONIALS

The relevance of ensuring proper ecommerce website security and protecting card holder data continues to be paramount for our organization, and we could not manage this process better without the reporting tools and excellent technical expertise provided by SecurityMetrics.

Jason Drake
Premiere Sports Travel

SecurityMetrics is an integral part of the team in our PCI program. We depend on the assessors to make sure that we stay on the compliance track. They do it with developing relationships across campus, discussing upcoming projects or application changes, and being available to us for consulting. They are knowledgeable, helpful and help us keep the campus engaged by their friendly demeanors.

Robbyn Lennon
University of Arizona

We have been customers of SecurityMetrics for about eight years. We are so impressed with the patient and professional way that their staff treats customers. They do not hurry, seem tired, act annoyed or too busy to work with their customers. Every person I spoke to was great!

Naomi Christman
The ProImmune Co, LLC

SecurityMetrics is the most retail friendly solution. At the small business level, frequently the person that has to interface with the tool is an owner or someone who has financial responsibility, but they may not necessary be technically savvy with using online tools. We believe SecurityMetrics meets that need better than anyone else we've seen.

Steve Methvin
Bozzutos

SecurityMetrics' Pen Testing has definitely helped us improve our network security in ways I could have never imagined. You just don't know what you don't know. I am absolutely confident in their team's abilities and my experience has led me trust them implicitly as a security partner. Their depth of understanding is impressive, and their professionalism is unmatched.

Morgan Leppink
Internet Ticketing Systems

We’ve been using SecurityMetrics for our onsite PCI audits for more than 10 years now. We have continued to come back and return to SecurityMetrics due to the value that has been supplied by them. SecurityMetrics has been around long enough now and they’ve been one of the top providers when it comes to PCI compliance, that I know they’re in it for the long haul.

Dawn Martinez
SVP, NewTek Merchant Solutions

Ready for PCI DSS solutions?

Request A Quote
Stay up to date
Subscribe to our blog.
Subscribe Now
Data Security
Vulnerability ScanningPenetration TestingSecurity TrainingPANscan®SecurityMetrics VisionSecurityMetrics MobileCIS Controls AssessmentConsultingResellerForensic/Incident ResponseData and Network SecurityData Security AcademyWebpage Integrity Monitoring (WIM)Shopping Cart InspectShopping Cart Monitor (PCI 6.4.3 & 11.6.1)SecurityMetrics Pulse
Compliance
GDPR CompliancePCI CompliancePCI DSS AuditPCI Level 4 ProgramPA-DSS/SSF AuditP2PE AuditPIN Security AssessmentPCI PoliciesPCI TrainingHIPAA ComplianceHIPAA PoliciesHIPAA TrainingHealth Network ProgramHITRUST
Company Info
About UsBlogGlossaryMedia RelationsCareersTerms of UsePrivacyAbuseDo Not Sell My Information
Contact
Contact UsReport a Vulnerability
SecurityMetrics podcast logoLinkedIn logoFacebook logo
© 2025 SecurityMetrics, Inc. All rights reserved.
Privacy PolicyTerms and Conditions
Your IP Address is:
YouTube logoSecurityMetrics podcast logoLinkedIn logoFacebook logo
Subscribe to our blog
Subscribe Now
© 2025 SecurityMetrics, Inc. All rights reserved.
Privacy Policy
|
Terms and Conditions
|
Your IP Address is:
000.000.000.000