Commissum

PCI DSS Testing & Compliance


Among the twelve requirements of the Payment Card Industry Data Security Standard (PCI DSS) are a number of mandatory testing requirements. In outline these are:

  • Quarterly Requirement:
    • Requirement 11.1 – Test for the presence of wireless access points
    • Requirement 11.2 – Internal and external network vulnerability scans
  • Annual Requirement:
    • Requirement 6.6 – Web application vulnerability testing
    • Requirement 11.3 – External and internal penetration tests annually and after any significant infrastructure or application upgrade or modification (including network-layer and application layer tests)

Commissum is able to provide a full range of services to cover all PCI DSS testing and scanning requirements. The standard prescribes that annual testing of applications and infrastructure must be conducted by personnel who are “organisationally separate from the management of the environment being tested” and “qualified.” As a long-standing independent provider of penetration testing services and a CREST member company, Commissum is ideally placed to fulfil the stringent requirements of PCI DSS for any organisation seeking compliance with the standard.