PCI ASV Approved Scanning Vendor

Your one-stop-shop for PCI compliance.

Many Approved Scanning Vendors (ASVs) have become automated and remote, with confusing support channels. Experience shows that a solid relationship with a proactive PCI ASV is critical to passing and maintaining PCI compliance.

Consultancy-led PCI ASV service

Elements of the PCI DSS requires that you perform quarterly external vulnerability scans via an Approved Scanning Vendor. Each of our post scan reports is reviewed by an ASV engineer, false positives removed, and you have direct access to technical expertise for remediation advice. We confirm that you’re free of vulnerabilities rated 4 or higher on the CVSSv2 scale and that compensating controls have been applied to mitigate vulnerabilities which cannot be remediated.

Our ASV Scanning process follows best practice and strict guidelines

Accurate scoping

It’s crucial to obtain a compliant scan. We provide the right guidance to ensure this is correct.

Scanning quality

We’re validated by the PCI SCC (Security Standards Council).

Remediation support

Interim reports are presented, should a scan not pass first time.

Dispute resolution

Technical expertise ensures any disputes are validated.

Unlimited rescans

Rescans are available until you arrive at a passing scan over a 30 day period. We’ll help you understand the results.

Reporting

Post scan we send a report confirming you’re free of known vulnerabilities above CVSS 4.0 and above (excluding Denial of Service vulnerabilities) and that compensating controls have been applied.

Why use Claranet Cyber Security for PCI scanning?

Maximum quality. Low cost.

Our engineers use a combination of manual and automated techniques to maximise the quality of your service, while being competitively priced per IP address per quarter.
Qualified personnel

Engagements are fulfilled by qualified, highly skilled, and experienced security engineers.
Customer support

We help customers by providing advice on recommended scope, based on current network architecture. We prioritise the solution, mitigate issues, and apply corrective actions in line with PCI DSS.

Assistance and advice will be provided to scan customers. We advise on the recommended scope, based on current network architecture and prioritise the solution, mitigate issues, and apply corrective actions in line with the PCI DSS.