ASSESSMENT, TESTING, AND OTHER SECURITY REQUIREMENTS BDO has been accredited by the PCI Security Standards Council (SSC) as a Qualified Security Assessor (QSA) company. To comply with PCI requirements, our Advisory Services team helps our clients navigate the PCI framework and provides PCI and IT risk services to assist merchants, service providers, payment providers, hosting companies, web development organizations, cloud providers, eCommerce companies, and other third-party organizations.

BDOs specific, PCI related services include:

• Assessments of the environment and personnel that may be involved with processing, transmitting, storing, or impacting the security of cardholder data
• PCI readiness assessments based on formal PCI Data Security Standard (DSS) requirements, including gap reports of not-in-place items or issues that need to be addressed
• Required annual Reports on Compliance (ROCs) or Self-Assessment Questionnaires (SAQs)
• Attestations on Compliance (AOCs)
• Annual internal and external PCI-based penetration tests, as needed
• Application scans
• Evaluations of processes to comply with 12.8.x requirements, including assessments of third party service providers (TPSPs) as it aligns with PCI TPSP requirements