Wonder Twins, Activate!
We save you time and money by auditing P2PE and PIN together.
It’s no secret that entire sections of both P2PE and PIN are based directly on the same ANSI, PCI and NIST standards (X9.24-1, X9.24-2, TR-31, TR-34, PCI PTS, FIPS 140-2). The common sources are so obvious that for years both standards had the same typos! In the upcoming version of P2PE (v3.0), due in late 2020, the standards will even be renumbered to align common controls.
ControlScan knows that many entities responsible for P2PE must also obtain PIN audits. This is common for key injection facilities (KIFs), certification and registration authorities (CAs/RAs), large merchants and processors. For that reason, we deliberately built our QSA(P2PE) and QPA practices on the same methodology, consolidated action items (where possible), and a common evidence collection platform to deliver a streamlined, consolidated audit process.
Engage ControlScan for a consolidated P2PE and PIN audit, and you will work with a senior-level consultant who is certified to both standards, giving you a single point-of-contact, a single audit timeline to expedite your compliance assessment process, and pricing that reflects this more efficient approach.
P2PE & PIN Consolidated Assessment
A senior-level, dual-certified Qualified Security Assessor for P2PE, or QSA(P2PE), and Qualified PIN Assessor (QPA) will conduct an onsite review of all in-scope systems and processes for both PIN and P2PE. After limited remediation, two full reports are drafted: the P-ROV/P-AOV and the PIN ROC/AOC. Allow 30-45 days for review and acceptance of P2PE reports by PCI Assessor Quality Management.