SchellmanCON is back! Join us for our virtual conference on March 6 & 7, 2025

Contact Us
Services
Services
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships

Services

Payment Card Assessments

We provide your organization a continuous view into your assessments that span across a suite of services, timelines, and business units by leveraging our unique blend of proprietary tools.

Contact a Specialist

PCI DSS Middle

Get more from your Payment Card Assessment

Our experts can help you make the most out of your payment card assessment by providing scoping assessments, readiness assessments, and on-site validations

  • Scoping Assessment Schellman will conduct interviews and review network, data flow documentation, and configuration information to help the client determine where cardholder data may exist. Additionally they will review network diagrams and configurations to identify segmentation utilized to reduce the scope of an assessment and document and confirm the scope for a subsequent PCI annual on-site validation.
  • Readiness Assessment Schellman will evaluate proposed architectures for alignment with the PCI and perform a high-level review of key controls in place. They will identify gaps and provide feedback on common “problem areas” for PCI including encryption, application development, logging, and policy management.
  • Annual Validation Schellman will conduct a thorough assessment against the current PCI DSS based on a defined testing methodology and quality assurance standards. They will issue a formal Report on Compliance (ROC) and Attestation of Compliance (AOC) for PCI assessments and Reports of Validation (ROV) and Attestations of Validation (AOV) for PA-DSS and P2PE engagements.

Learn more about us

PCI DSS Middle

Frequently Asked Questions

What do the PCI levels mean?

Is it important to have formally documented policies and procedures?

How often do we need to run vulnerability scans against our product?

Does PCI provide an Attestation of Compliance report?

How long should an organization retain data?

What our clients are saying

Working with some of the best organizations in the world, honest feedback is essential. We survey our clients after every engagement, and here is what some of them had to say:

Image
Quote
After working with this team on several engagements, I am always impressed with their level of flexibility and willingness to work through the assessments. The teams are easy to work with and are always available to provide guidance and education when needed."

PCI DSS Validation | Managed Service Provider

Image
Quote
As someone who has interacted with various audit organizations such as PwC, KPMG, EY, etc., the team at Schellman is always at a higher level in terms of knowledge/expertise, professionalism, and customer advocacy. With other audit firms, my experience has always been similar to driving without power steering where I am having to do more work and struggle to stay in my direction. With the Schellman team, it is like driving with not just power steering, but lane departure warning, collision avoidance braking, and blind spot indicators."

ISO 27001 Certification | Software Company

Image
Quote
I don't know what we would do without our partners at Schellman. They've done a great job supporting all our audits, ad-hoc requests, and providing a great level of service to everyone at our organization. We look forward to many more years of continued partnership."

SOC 1 Assessment | Management consulting services company

Contact a Specialist

Adam Bush

Adam is a Director at Schellman. Adam has a great depth of experience leading PCI engagements across multiple industry verticals, including merchants and service providers.

Meet Adam Contact Us

Don't see a service you're interested in? 

Talk to a Practice Leader