Select regional store:

PCI DSS and Penetration Testing

Requirement 11 of the PCI DSS covers the need to regularly and frequently carry out tests to identify unaddressed security issues and scan for rogue wireless networks.

“Vulnerabilities are being discovered continually by malicious individuals and researchers, and being introduced by new software. System components, processes, and custom software should be tested frequently to ensure security controls continue to reflect a changing environment.” - PCI DSS

Regular testing is fundamental to ensuring that an organisation is prepared for the full range of attack types that companies have to face.

PCI DSS testing requirements

IT Governance provides all of the scanning, assessment and penetration testing requirements for PCI DSS compliance. We uniquely offer a combination of fixed-price and bespoke testing solutions, enabling you to choose the right option for your needs and budget.

Which penetration test do you need?

The PCI DSS sets out the following requirements for merchants and service providers:

Click here to enlarge >>


For further guidance on the different types of penetration tests, please see our information page explaining the levels of penetration tests >>



IT Governance is an approved QSA provider and CREST-accredited penetration testing provider with extensive experience and a solid track record.


Why use IT Governance?

  • Easily select the solution appropriate to your needs and budget from a range of fixed-price and bespoke options.
  • Rest assured in the knowledge that the work will be carried out to rigorous standards as mandated by CREST, of which IT Governance is a member, by qualified and knowledgeable individuals.
  • IT Governance is an approved PCI QSA company, which means we meet and exceed the business and technical requirements as specified by the PCI SSC.
  • Benefit from our extensive expertise in PCI and ISO 27001, which means we can help you cost-effectively integrate your ISMS with other security frameworks.
  • Take advantage of a vast range of PCI documentation toolkits, guides, publications, training and staff awareness courses that will help you build your knowledge and maintain compliance with the Standard.
  • Our independent and unbiased advice means we are not affiliated with software providers, and we leverage your existing technology where possible.

Choose a penetration test suitable for your PCI compliance requirements now.

This website uses cookies. View our cookie policy