PCI Service Provider Quarterly Review

PCI service providers must conduct quarterly reviews to confirm personnel are following security policies and operational procedures.

PCI service provider quarterly review

Starting in 2018, all Payment Card Industry (PCI) service providers are required to implement and conduct these reviews to pass their PCI assessment. With this service, RSM helps you establish a process to meet this requirement. This is especially helpful for organizations who lack the capacity or specific training to complete these reviews themselves.

RSM’s PCI Qualified Security Assessors (QSAs) can help your organization meet PCI Data Security Standard v3.2 requirement 12.11 by conducting quarterly reviews. These reviews provide assurance that your employees are following established policies and procedures, helping you confirm that compliance efforts are supported throughout the organization. To the extent that they are not, the reviews give you an opportunity to take corrective measures.

At a minimum, these reviews must cover:

  • Performing daily log reviews
  • Reviewing firewall rulesets
  • Applying configuration standards to new systems
  • Responding to security alerts
  • Following change management processes

Because many service providers may be unable or unsure of how to complete these required reviews on their own, RSM can conduct these reviews on behalf of the organization. This will help ensure the reviews meet the intent of the requirement. RSM can also train your personnel to conduct the reviews internally so that the organization can implement a repeatable process for maintaining compliance.


How can we help you?

Contact us by phone 800.274.3978 or
submit your questions, comments, or proposal requests.


Complete our Cybersecurity Rapid Assessment form to be contacted about receiving our "quick-hit" evaluation of your organization’s overall security risk.

Learn more