Methodology of PA-DSS pre-assessment by SC2labs covers a series of actions aimed to achieve full compliance with the PA-DSS standard. We offer consulting services during each phase of the project, which allows to identity potential problems or show-stoppers in the initial phase and prevents costly changes. During the assessment SC2labs PA-DSS auditor will preliminary evaluate payment application and analyze required documents for compliance with PA-DSS. SC2labs also will assist in proper preparation and planning activities necessary for the efficient and effective implementation of the recommendations.
The audit is conducted by an accredited PA-DSS auditor. During the validation process, the application will be subjected to several tests that simulates real-world usage and evaluated for PA-DSS requirements. Application documentation and “PA-DSS Implementation Guide” is also the essential part of PA-DSS requirements. The Guide (providing instructions for customers and integrators on how to securely install and maintain the application) will be evaluated for accuracy, technical and operational correctness. PA-DSS assessment also requires audit of software development and support/troubleshoot procedures. The result of the audit is presented as “Report on Validation”, which is sent to the PCI SSC for final approval and authorization. Approved by the PCI Council’s payment application is placed on the “List of validated payment applications”.
SC2labs offers comprehensive guidance services, checking and documenting the correctness of the implementation of appropriate changes in the software according to the nature of change (minor, major changes) and PA-DSS requirements.