Get help with PCI 6.4.3 and 11.6.1
Learn More
Home
PCI Compliance
Assessment
Two PCI audit experts work together in a server room

PCI DSS 4 Onsite Assessment

Pass your PCI 4 audit on schedule.

Price Range Calculator
Jump to Section
Summary
Features
How it Works
FAQ
Resources
Why SM

Get Expert Guidance on your PCI Assessment

Why would you risk working with inexperienced assessors? Our experts guide you through your PCI assessment–making your life much easier.

SecurityMetrics has been around since the beginning of the PCI DSS. Using over 20 years of auditing experience, you get crafted a process that simplifies and streamlines your work. SecurityMetrics participates in the PCI Council’s GEAR meetings and holds credentials like: QSA, QPA, PFI, ASV, CISSP, CISA, CCSFP, SSF, SSL. You're in good hands.

PCI DSS version 4.0.1 Assessment Features

Your PCI DSS Assessment includes:

A PCI audit coordinator to help ensure you hit deadlines on time.

Proper PCI scoping to help you avoid potential roadblocks

Software to help you never miss another PCI audit task.

A focus to help you pass your PCI audit the first time.

A QSA that pays attention to you so you can get your needs addressed quickly.

Auditors that aren't overbooked so you can get the attention you deserve.

Pre-audit consulting to help you know what's needed to pass your audit.

A QSA that will help you understand how changes affect your PCI compliance now and moving forward.

Get key insights from our team of PCI experts

Pass your PCI audit on schedule

Identify and solve your security needs

Benefit from a custom audit experience based on SecurityMetrics’s years of experience and comprehensive scoping process. With an in-depth understanding of the PCI 4.0 landscape and assessment methods, you can experience responsive guidance before, during, and after your PCI assessment.

Learn from an expert QSA perspective

Be confident in your PCI assessment, knowing that SecurityMetrics QSAs continuously study the latest security trends, so you don’t have to. SecurityMetrics QSAs have completed thousands of PCI DSS audits over the years, ensuring you won’t just get a surface-level assessment. With the full attention of the SecurityMetrics team, you will experience the peace of mind that your issues and vulnerabilities will be addressed and deadlines met.

Get the advice you need with PCI consulting

If you’re not ready for a PCI assessment but want to speak to an expert about your environment, SecurityMetrics now offers PCI Consulting. When you partner with SecurityMetrics for a PCI Consultation, you get:

  • The latest PCI v.4.0 advice
  • Scope Reduction Consulting
  • PCI Gap Analysis (as part of our consulting)
  • Reports with answers to your specific questions

SecurityMetrics QSAs are seasoned professionals with extensive experience in all aspects of PCI, so you can ask in-depth questions and get insightful advice.

Enjoy an on-time PCI 4.0 audit

You shouldn’t have to feel stressed about a looming PCI assessment deadline. SecurityMetrics provides you with a robust project management tool to keep everyone on task and help you:

  • Stay organized by ordering messages and tasks by the requirement they are associated with.
  • See which stage you’re at in your assessment using the project visualization tool.
  • Download reports from your QSAs.
  • Assign team members specific tasks as their administrator, leaving comments on tasks so everyone is informed.
  • Guide your efforts to close your compliance gaps and prepare for your compliance validation assessment.

Stop shopping cart eskimming

Make PCI compliance a breeze with SecurityMetrics Shopping Cart Monitor. Monitor helps you comply with PCI requirements 6.4.3 and 11.6.1. Monitor uses SecurityMetrics Award-winning and patented Webpage Integrity Monitoring Technology. This means less worry and faster PCI compliance.

PCI Assessment Timeline Steps

01

Gap analysis

During this phase, knowledgeable SecurityMetrics QSAs complete an initial gap analysis of your organization's compliance status. After the gap analysis is completed, feedback and remediation checklist items will be shared with you in our online project management tool. Your SecurityMetrics QSAs are dedicated to helping you reach compliance and become fully secure, not to make you feel guilty for any gaps you might have.

02

PCI validation assessment

Your QSA will either work with you remotely to collect evidence or make an in-person visit to your location to assess your compliance to the PCI DSS standard. Your SecurityMetrics audit coordinator makes sure you meet deadlines by moving along your assessment in a timely manner.

03

Remediation and retesting

SecurityMetrics QSAs work with you to fix areas of non-compliance, expediting the retesting process to ensure a timely assessment.

04

Submitting Your AOC and ROC

After remediation and retesting, SecurityMetrics will submit your attestation of Compliance (AOC) and Report on Compliance (ROC) to any required parties, such as the card brand or merchant bank.

SecurityMetrics QSAs have performed 2000+ audits, mastering the audit process

Many of our customers asked us these questions, hopefully they help you too.

As a merchant or service provider, what type of PCI assessment applies to me?

For Level 1 merchants, which are organizations that do over 6,000,000 transactions annually, they are required to complete a PCI Assessment. For Level 2 merchants, which are organizations who do 1,000,000 - 5,999,999 transactions annually, it’s recommended they complete a PCI assessment, but not required unless they have been instructed to do so by a major financial institution. Level 3 and 4 merchants, which are organizations who do 1,000,000 - 20,000 transactions annually, are only required to find and fill out the proper SAQ that applies to their business.

For Level 1 Service Providers, who store, process, or transmit more than 300,000 credit card transactions annually, a PCI assessment is required. For Level 2 Service Providers, who store, process, or transmit less than 300,000 credit card transactions annually, an SAQ D-SP is required. However, in some instances, a Level 2 Service Provider may be asked to complete a PCI assessment.

Will you help me understand what the PCI assessment process looks like?

First we’ll walk you through PCI scoping questions to determine the extent of your PCI needs. Your PCI assessment begins with an initial audit review to determine what compliance requirements you already have in place and what you need to resolve. Then your SecurityMetrics QSA will perform an assessment, either in-person or virtually. After that, you’ll go through remediation and retesting our QSA will go through any areas of noncompliance that remain and and provide insight on what is needed to meet the requirement. Lastly, SecurityMetrics will submit an Attestation of Compliance to the necessary parties and you are done!

How do I get started with a PCI assessment through SecurityMetrics?

Start by talking with one of our account executives to discover your needs and do the proper scoping for your organization. Once we’ve established where you’re at and where to start, a PCI audit coordinator will help you meet with an assigned QSA to conduct an initial audit review. From there the PCI process will continue as outlined above.

What should I expect during a PCI assessment?

PCI assessments require a lot of detailed work and can take time, but your QSA will work with you to stay on budget and on schedule. The more preparatory work you do before your assessment, including documenting processes and knowing how your network and system are set up, the quicker and simpler your audit will be.

What's the end deliverable of a PCI assessment?

It depends on what your end goals for compliance are and what SecurityMetrics involvement is in your process. If we’re helping become PCI compliant from start to finish, then after remediation and retesting, SecurityMetrics will submit your attestation of Compliance (AOC) or Report on Compliance (ROC) to any required parties, such as the card brand or merchant bank, and you will be PCI complaint.

How will I be supported during a PCI assessment?

Our team at SecurityMetrics is dedicated to supporting you before, during, and after your PCI assessment. From the initial scoping and PCI audit review, to the PCI assessment, and finally delivery of your ROC, you’ll have guidance and expertise in your corner each step of the way. Your PCI audit coordinator will guide you through each phase, our QSAs are never overbooked so they can focus on you, and our knowledgeable technical support is available for any issues you're facing.

How is SecurityMetrics different from other PCI assessment providers?

SecurityMetrics offers a specialized experience for PCI with over 20 years of experience. We are the gold standard in PCI compliance, providing a tailored approach that’s been crafted over the years.

Our assessors and audit team are never overbooked so that you can receive the dedicated care and specific guidance you need. They are also informed by our Penetration Testing and Forensic Investigation teams to know the latest trends and attacks with the goal of helping you become secure. Our thorough approach will help you avoid common compliance roadblocks by receiving proper scoping.

SecurityMetrics also has a comprehensive suite of compliance and cybersecurity tools that assist with training, documentation, vulnerability scanning, card data discovery, penetration testing and more like Shopping Cart Monitor and Shopping Cart Inspect.

Our specialists will lighten your workload with hands-on assistance, ensuring you feel confident and secure throughout the process.

What are some companies that recommend SecurityMetrics for a PCI assessment?

Over 800,000 businesses, merchants, and entities have safeguarded their organizations with SecurityMetrics. Notable companies like JetBlu, Denny’s, and BambooHR recommend our services to their clients each year as we lighten the workload and protect the sensitive data of our clients. Check out this case study to see how SecurityMetrics made a big impact for USC and their cybersecurity.

Is SecurityMetrics secure?

As industry-leaders in cybersecurity, we pride ourselves on our dedication to keep organizations and their customers safe. We take every precaution when protecting our clients data and ensure they are equipped to do the same for their companies. We implement the necessary requirements in PCI and SOC 2 type II certification to achieve a higher level of safety for our customers.

How much does a PCI assessment cost?

A PCI assessment can range widely in cost. On the low end, for a simple environment, a PCI audit can start at $15k. Complex audits can cost $75k+ depending on how many locations you have, how many parties need to be audited, and how complex your network is.

Hop on a quick call with SecurityMetrics to get a more accurate estimate of what a PCI audit would cost you.

Can I get a quote for a PCI assessment?

Yes, getting a quote is easy! Simply enter your info in the form above and one of our team members will get in touch with you to gather more info and get you your quote.

Resources

The following are related resources that we have prepared for you. Find more answers to your questions in our Learning Center.

download
PCI Onsite Audit
Data Sheet
download
How USC Boosted Security Credibility
Case Study
download
Carnegie Mellon University Case Study
Case study
download
Anedot’s PCI Audit Experience
Case Study
download
InfoSend’s PCI Audit Experience
Case Study
play_arrow
Get Ready for a PCI DSS v4.0 Audit
Webinar
play_arrow
What to Expect from a PCI v4.0 Assessment
Webinar
download
SecurityMetrics Guide to PCI Compliance
Guide

Why choose SecurityMetrics?

Get fully-supported PCI compliance

Learn to get PCI compliant without the confusion–even if you're new to PCI.

If your business accepts, stores, or transmits card data, PCI DSS compliance validation is required by card brands such as Visa, American Express, Mastercard, and Discover.

editor_choice
Award-winning PCI support
Get help with a pre-onsite gap analysis, onsite assessment, remediation assistance, to a delivered PCI Report on Compliance.
sync_saved_locally
Tools to simplify compliance
Get tools to simplify  the compliance process including: scanning, penetration testing, card data discovery, security policies, and security training.
groups
Partner with a full-service vendor
We are one of only a few vendors worldwide that hold credentials for all aspects of PCI compliance.
sell
Straightforward pricing
Your PCI scope is evaluated based on your needs, avoiding unnecessary add-on charges.

Recognition for Outstanding Work

SecurityMetrics has worked hard over the years to provide outstanding products and services. Here are some of the awards the team has won.

The Golden Bridge Award 2020 Gold logo
Global Infosec Award Winner 2024 Logo
Cybersecurity Excellence Award Winner 2023 Logo

20+ years of experience

QSA | PFI | ASV | P2PE | SSF | SLC | 3DS | QPA | PCIP

PCI Qualified Security Assessor logo
HITRUST Authorized CSF Assessor logo
CISSP logo
HCISPP logo
CISA logo

See how we've helped our clients succeed

When you succeed, we succeed. That's why we pay such close attention to detail and provide award-winning support. Let's work together!

TESTIMONIALS

The relevance of ensuring proper ecommerce website security and protecting card holder data continues to be paramount for our organization, and we could not manage this process better without the reporting tools and excellent technical expertise provided by SecurityMetrics.

Jason Drake
Premiere Sports Travel

SecurityMetrics is an integral part of the team in our PCI program. We depend on the assessors to make sure that we stay on the compliance track. They do it with developing relationships across campus, discussing upcoming projects or application changes, and being available to us for consulting. They are knowledgeable, helpful and help us keep the campus engaged by their friendly demeanors.

Robbyn Lennon
University of Arizona

We have been customers of SecurityMetrics for about eight years. We are so impressed with the patient and professional way that their staff treats customers. They do not hurry, seem tired, act annoyed or too busy to work with their customers. Every person I spoke to was great!

Naomi Christman
The ProImmune Co, LLC

SecurityMetrics is the most retail friendly solution. At the small business level, frequently the person that has to interface with the tool is an owner or someone who has financial responsibility, but they may not necessary be technically savvy with using online tools. We believe SecurityMetrics meets that need better than anyone else we've seen.

Steve Methvin
Bozzutos

SecurityMetrics' Pen Testing has definitely helped us improve our network security in ways I could have never imagined. You just don't know what you don't know. I am absolutely confident in their team's abilities and my experience has led me trust them implicitly as a security partner. Their depth of understanding is impressive, and their professionalism is unmatched.

Morgan Leppink
Internet Ticketing Systems

We’ve been using SecurityMetrics for our onsite PCI audits for more than 10 years now. We have continued to come back and return to SecurityMetrics due to the value that has been supplied by them. SecurityMetrics has been around long enough now and they’ve been one of the top providers when it comes to PCI compliance, that I know they’re in it for the long haul.

Dawn Martinez
SVP, NewTek Merchant Solutions

Ready for PCI DSS solutions?

Request A Quote
Stay up to date
Subscribe to our blog.
Subscribe Now
Data Security
Vulnerability ScanningPenetration TestingSecurity TrainingPANscan®SecurityMetrics VisionSecurityMetrics MobileCIS Controls AssessmentConsultingResellerForensic/Incident ResponseData and Network SecurityData Security AcademyWebpage Integrity Monitoring (WIM)Shopping Cart InspectShopping Cart Monitor (PCI 6.4.3 & 11.6.1)SecurityMetrics Pulse
Compliance
GDPR CompliancePCI CompliancePCI DSS AuditPCI Level 4 ProgramPA-DSS/SSF AuditP2PE AuditPIN Security AssessmentPCI PoliciesPCI TrainingHIPAA ComplianceHIPAA PoliciesHIPAA TrainingHealth Network ProgramHITRUST
Company Info
About UsBlogGlossaryMedia RelationsCareersTerms of UsePrivacyAbuseDo Not Sell My Information
Contact
Contact UsReport a Vulnerability
SecurityMetrics podcast logoLinkedIn logoFacebook logo
© 2025 SecurityMetrics, Inc. All rights reserved.
Privacy PolicyTerms and Conditions
Your IP Address is:
YouTube logoSecurityMetrics podcast logoLinkedIn logoFacebook logo
Subscribe to our blog
Subscribe Now
© 2001–2025 SecurityMetrics, Inc.
All rights reserved.
Privacy Policy
|
Terms and ConditionsAbout us
|
Your IP Address is:
000.000.000.000