PCI DSS Audit from Simply Lab

The requirements of the PCI DSS standard, and how compliance with them is verified, are among the most discussed topics at security forums and conferences in the credit and financial sector today. In this article we will therefore not only cover the main theoretical aspects of the subject, but also give general practical recommendations to those who plan to undergo a PCI DSS compliance audit.

Audit procedure

As part of the audit, several successive stages are carried out, which differ in complexity and duration.

Audit stages:

Verification of documents and determination of the control zone. At this stage the auditors analyse and verify the package of documents required from the client (the company being audited, in accordance with the requirements of the PCI DSS standard). These documents include a network diagram showing all connections to the part of the network where cardholder data is stored, processed or transmitted; an inventory of resources; the standards and policies adopted by the company; and its documented procedures and processes.

The control zone (scope) includes:
  • All devices and parts of the network on which payment cardholder data is stored, processed or transmitted;
  • All network segments and devices connected to these segments (including active network equipment).
The control zone can be quite large, especially if it is not segmented from the rest of the corporate network and (in the case of a credit institution) internal firewalls are not used to separate the processing centre from the rest of the bank's network. Using a dedicated sampling methodology, the auditor draws a representative sample (selection) of devices that will be tested directly during the audit.

On-site conformity assessment (on-site audit). Once the sample has been settled and the verification of the necessary documentation is complete, the on-site inspection stage begins: compliance with PCI DSS requirements is verified directly on the customer's premises. The auditors observe the security measures in use and their compliance with PCI DSS requirements, following audit procedures that include more than 230 checks.

Preparation and distribution of the report. After the on-site verification procedure is complete, work begins on compiling the report. If the company meets all the requirements of the standard, the corresponding report is sent to the international payment system in which it operates (ROC for Visa Int. and COV for MasterCard Worldwide).

Drawing up a plan to eliminate nonconformities. If at least one nonconformity is detected during the inspection, the audited company develops a plan to eliminate it (an action plan). This plan must specify concrete dates for correcting each identified nonconformity, as well as the methods and measures by which each of them will be corrected.
