MEET YOUR PCI DSS VULNERABILITY ASSESSMENT REQUIREMENTS WITH GDPR.ie’s ASV SCANNING SERVICE
- PCI SSC Approved Scanning Vendor (ASV)
- Expert penetration testers at your service
- Online penetration testing portal
- Clear, concise reporting
Why you need ASV scanning
Achieve PCI DSS compliance
Quarterly external vulnerability scans, performed by an ASV, are a fundamental part of achieving and maintaining PCI DSS compliance
Identify system vulnerabilities
Regular ASV scanning helps identify any weaknesses that could lead to a cardholder data breach
Provide assurance
Regular ASV scanning provides assurance to your stakeholders and customers that your cardholder environments are well maintained and free of high-risk vulnerabilities
GDPR.ie’s ASV scanning service makes vulnerability scanning for PCI DSS compliance simple, no matter how complex your environment might be.
The regular scanning delivered by our ASV service ensures sustainable compliance while highlighting vulnerabilities in your externally facing systems as soon as they occur for rapid remediation.
What is ASV scanning
PCI DSS requires many Level 1 and 2 merchants and service providers to undertake quarterly external vulnerability scans, which must be performed by an Approved Scanning Vendor (ASV). ASVs are approved by the Payment Card Industry Security Standards Council (PCI SSC) to conduct scans for Payment Card Industry Data Security Standard (PCI DSS) compliance purposes.
While ASV scanning is similar to other types of external vulnerability assessments, PCI ASV scans are crucial to achieving and maintaining PCI DSS compliance because they identify system vulnerabilities that could lead to the compromise of payment card data. These scans contribute to a more secure cardholder data environment and enhance overall cybersecurity.
Our method
GDPR.ie’s experienced testers employ a logical approach to ASV scanning and help you fix the vulnerabilities we find.
Scope identification
GDPR.ie’s Qualified Security Assessors (QSAs) work with you to define the scope of the scan, based on your unique cardholder data environment (CDE).
Scan configuration
GDPR.ie’s security testers configure the scanning tools to run against the external perimeter of the identified scope.
Scan execution
GDPR.ie runs monthly ASV scans, probing your externally facing systems and networks for potential vulnerabilities, misconfigurations and security weaknesses that could lead to a successful cyber-attack.
Vulnerability assessment
Our scanning tools identify vulnerabilities and provide information about their severity and potential impact on your organisation’s security.
Scan reporting
Our ASV tooling compiles the results into a comprehensive scan report. This report includes details about each identified vulnerability, its severity level, and recommended remediation steps.
Remediation support
GDPR.ie’s experienced security testers are on hand to provide advice and support in remediating identified vulnerabilities.
Rescan (if required)
If the initial scan reveals vulnerabilities, your organisation should take steps to remediate them. PCI DSS requires rescanning to confirm that high-risk vulnerabilities have been resolved, something we do at no additional charge.
Attestation of Scan Compliance (ASV Scan Report)
Once you have achieved a passing scan, we will issue an Attestation of Scan Compliance (ASV scan report) to demonstrate compliance with PCI DSS requirements.
Why companies trust GDPR.ie
➜ PCI SSC Approved Scanning Vendor (ASV)
GDPR.ie is an Approved Scanning Vendor, authorised by the PCI SSC to perform ASV scans for PCI DSS compliance.
➜ Expert penetration testers at your service
Our scans are run and supported by our expert penetration testers, on hand to support you through the scanning and remediation process.
➜ Online penetration testing portal
GDPR.ie’s online testing portal provides instant control of your vulnerability assessment programme. Plan and schedule scans, find and fix vulnerabilities, customise reports and dashboards, track and compare results. Our intuitive platform makes finding, fixing and managing vulnerabilities simple.
➜ Clear, concise reporting
Our transparent reporting shares findings in a clear manner, providing you with the insights needed to understand and address vulnerability scan results.