Achieve Your Official PCI DSS Report on Compliance (ROC) with a Certified PCI QSA Company

Validate your security controls and receive your official Attestation of Compliance (AOC) required by banks and card brands.


From Readiness to Report on Compliance: The Next Step in Your PCI Journey

You've prepared: you participated in a readiness assessment and performed remediations. Now you're ready to take the next step toward official assessment.

Your Path to PCI DSS Compliance

The primary objective of this assessment is to determine whether your cardholder data environment (CDE) is compliant with the current version of PCI DSS. Successful completion of the assessment results in a Report on Compliance (ROC) and an Attestation of Compliance (AOC).

Appalachia's QSA Process

1. Planning & Scoping

We partner with you to accurately define your Cardholder Data Environment (CDE) and confirm all in-scope components, personnel, and processes, ultimately creating the project plan.

2. Assessment & Fieldwork

Our QSAs conduct an evaluation of controls through documentation review, technical testing, and personnel interviews.

3. Reporting & Attestation

You will receive a draft of the ROC for review before we issue the final Report on Compliance (ROC) and the Attestation of Compliance (AOC).

Frequently Asked Questions (FAQ) for QSA Audits

Q: Who needs to complete a Report on Compliance (ROC)?

A: A ROC, validated by a QSA, is typically required for organizations that process, store, or transmit a large volume of cardholder data (i.e., Level 1 merchants). Your acquiring bank determines your specific reporting requirements.

Q: What is the difference between the "Defined" and "Customized" approach in PCI v4.0?

A: The Defined Approach is the traditional method of testing against the specific controls as written in the standard. The Customized Approach allows you to meet a requirement's objective with a custom control, which must be supported by a Targeted Risk Analysis (TRA) and validated by a QSA.

Q: What do you need from our team during the audit?

A: The key to a successful audit is collaboration. We will need access to documentation (network diagrams, data-flow diagrams, policies, etc.), systems for technical validation, and key staff for interviews.

Q: What happens if you find gaps?

A: Our draft ROC will clearly document any findings. We cannot issue the AOC until all requirements for compliance are met. Appalachia can provide a separate team, independent of the assessors, to support remediation.

News & Updates

APPALACHIA IN THE NEWS: Appalachia Technologies Cited in Case Study to Improve Efficiencies and Service Delivery   Improve and Evolve - this is one of the five Core Values of Appalachia Technologies and one we believe helps us to stay at the forefront of our industry.  Our Technical Assistance Center (TAC), while performing well and delivering quality service, was being challenged by processes for documentation that were manual and outdated.  Not satisfied with the current way of doing this, Chris Swecker, Manager of TAC, began to explore IT Glue.  IT Glue centralizes information, allowing for efficiencies in response time, accuracy, and client satisfaction.  As he explains, "IT Glue became our source of truth."  Chris and his team built on the success by incorporating additional tools to assist with password rotation and a client-side tool for password management and shared documentation.  

Contact Us

Learn more about what Appalachia Technologies can do for your business.

Appalachia Technologies
5000 Ritter Road Suite 104
Mechanicsburg, Pennsylvania 17055