PCI Compliance Audit FAQs
How much does a PCI audit cost?
Pricing for a PCI audit depends on scoping factors, including what type of organization you are, number of annual transactions, payment applications, physical locations, third parties, and audit frequency. Pricing will also vary based on the compliance level needed, inclusion of a gap analysis, or inclusion of additional remediation time.
How long does a PCI audit take to complete?
The average PCI audit, using KirkpatrickPrice’s process, is completed in 18 weeks. The engagement begins with scoping procedures, moves into an onsite visit, evidence review, and report writing, and concludes with the delivery of a PCI report. This timeline is extended when a gap analysis must be performed or when remediation takes longer than expected.
What do I receive when my PCI audit is complete?
PCI audits culminate in a final report to communicate confidence and assurance that mission-critical networks and physical environments are protected against the most damaging forms of threats. The components and formatting of PCI reports delivered by KirkpatrickPrice are based on guidelines provided by the PCI SSC, and the reports are written by our in-house Professional Writing team.
How long is a PCI report valid?
The opinion stated in a PCI report is valid for twelve months following the date the report was issued.
How often does a PCI audit need to be performed?
The industry standard is to perform a PCI audit annually, or whenever significant changes are made that will impact the control environment. Auditing less frequently than that demonstrates a lack of commitment to compliance and may cause distrust.
Who is involved in a PCI audit?
In every PCI engagement, our Information Security Auditors are required by the PCI SSC to maintain communication with management and those charged with governance. Other team members involved in the audit could come from anywhere in your organization, ranging from IT to development to compliance officers – anyone with the appropriate responsibilities for and knowledge of the matters concerned in the audit.