If you are a merchant, service provider, or subservice provider who stores, processes, or transmits cardholder data, you are required to comply with the PCI DSS.
“KirkpatrickPrice has made the audit process more efficient with the tools and partnership mentality that they bring to the table.”
– Director of Security, Compliance, and Technology, Connectria Hosting
Expertise is one of the best things we’ve gotten out of working with KirkpatrickPrice. Their auditors have been helpful in navigating through the audit and beyond. They’ve made themselves available as resources to assess the impact of changes to our controls and infrastructure.
– Security and Compliance Manager, CBOSS
Every time I leave an engagement with the KirkpatrickPrice team, I leave enlightened and it helps our organization mature towards the point we know we should be.
– CISO and VP of Cloud Operations, Health Catalyst
Whether you’ve never been through an audit or completed hundreds, our experts will prepare and empower you to successfully start and complete your audit. With access to our free learning platform, you can run scans, see what you’re missing, prepare documentation, and get access to experts and resources. Then when you’re ready, you can use the same platform to complete your audit. You don’t need extra tools to do an audit.
Our security experts have been in your shoes and know how overwhelming audits can be. Your dedicated specialist will walk you through the entire process from audit readiness to final report.
PCI is complicated, but we make sure it’s worth it. By the end of the process, you will be proud of the work you did and know that it will make a difference in gaining new clients, staying compliant, and protecting your people. Your Attestation of Compliance will prepare you to get on the list.
Starting a PCI audit is overwhelming.
Our Beginner’s Guide to PCI Compliance will prepare you to complete your audit successfully.
You know you need a PCI audit, but don’t know what to expect or how to get started. This guide will prepare you for what your auditors are looking for and how to confidently begin your PCI compliance journey.
Get the Guide
How much does a PCI audit cost?
Pricing for a PCI audit depends on scoping factors, including what type of organization you are, number of annual transactions, payment applications, physical locations, third parties, and audit frequency. Pricing will also vary based on the compliance level needed, inclusion of a gap analysis, or inclusion of additional remediation time.
How long does a PCI audit take to complete?
The average PCI audit can take anywhere from weeks to months, depending on your level of preparedness and staff’s availability for interviews and control demonstration. To satisfy the PCI-DSS requirements for an engagement, the auditor must validate scope, perform testing procedures, and document conclusions. These steps require time from the service organization’s management, which can be compressed or extended to meet your timeline needs. You can save time by leveraging the Online Audit Manager to maintain the audit evidence you need for compliance.
What do I receive when my PCI audit is complete?
PCI audits culminate in a final report to communicate confidence and assurance that mission-critical networks and physical environments are protected against the most damaging forms of threats. The components and formatting of PCI reports delivered by KirkpatrickPrice are based on guidelines provided by the PCI SSC and written by our in-house Professional Writing team.
How long is a PCI report valid?
PCI reports represent your controls from a period of time in the past. Typically, your clients will not accept a report issued more than 12 months ago because they want your testing to be relevant for their own audit period.
How often does a PCI audit need to be performed?
Industry standard is to schedule a PCI audit to be performed annually or when significant changes are made that will impact the control environment. Any frequency less than that will demonstrate a lack of commitment to compliance, plus it may cause distrust. Maintaining an audit process that covers each fiscal year will demonstrate a commitment to compliance and ongoing testing of controls, which ultimately contributes to the health of your organization.
Who is involved in a PCI audit?
In every PCI engagement, the Auditor is required by the PCI SSC to maintain communication with management and those charged with governance. Other team members involved in the audit could come from anywhere in your organization, ranging from IT to development to compliance officers – anyone with the appropriate responsibilities for and knowledge of the matters concerned in the audit.
Make Sure You’re Ready
Make sure you’re ready to face today’s threats confidently. Sign up to receive expert tips and guidance from our monthly newsletter, The Readiness Report, right in your inbox!
We’ve completed audits and security assessments for over 2,000 clients worldwide.
With locations in Atlanta, Bethesda, Chicago, Dallas, Los Angeles, Nashville, New York City, San Francisco, Seattle, and Tampa; KirkpatrickPrice experts are ready to help you achieve your goals.
4235 Hillsboro Pike
Nashville, TN 37215