NL +31 (0)20 4232420 / SP +34 937 379 542

PCI Continuous Compliance

Reduce your PCI DSS audit time and expense.
Subscription-based service

PCI Continuous Compliance

Reduce your PCI DSS Audit time and expense.
Subscription-based service

What is PCI Continuous Compliance?

Our PCI DSS continuous compliance service is a subscription-based service. It offers an attractive and effective method of validating for PCI-DSS and having access to a QSA during the annual cycle. You are guided through the periodic tasks, to help you to keep track of them and that they are available during the compliance period to deal with any issues or questions that come up.

Ensure your path towards PCI Compliance is smooth

To help companies validating for PCI compliance we developed our Continuous Compliance program, by implementing periodic sessions, checks and meetings to track the PCI DSS Compliance Program activities and to ensure that they are being carried out. With this service validating for PCI DSS and remaining compliant becomes much easier.

Penetration test meeting compliance

Direct PCI QSA specialized support

The service ensures the availability of a PCI consultant or QSA for any queries during the PCI maintenance management cycle. In addition, any new project or change affecting the PCI scope environment can be pre-analyzed in terms of impact and implemented with the assurance that it is aligned with the requirements of the standard.

Penetration test

Subscription-based service. Fixed costs

This model is based on a fixed monthly fee, so you can budget the PCI DSS project during the start of the cycle.

Penetration test

Periodic meetings with a PCI QSA

Periodic coordination by a QSA trains the organization’s resources involved in the dynamics of PCI management and is naturally assimilated within its performance. This is especially important in organizations without resources dedicated to this purpose. This meeting can also be used to discuss any new projects that may impact the cardholder data environment or the way payments are carried out.

Penetration test

PCI annual assessment at the end of the cycle

Included in the monthly fee is the annual PCI annual assessment. Either the evidence and the full SAQ is checked, or if a Report on Compliance (ROC) is needed, the full audit will be performed. This results in an Attestation of Compliance (AOC).

Penetration test

Ensures the feasibility of the following PCI certification

The risks of not passing the next PCI audit are minimized, as the service ensures that periodic checks have been executed correctly and in time, and that the associated results (of which evidence must be presented during the audit) are compliant with those required by PCI DSS.

Penetration test

Reduces PCI audit process times

Customers and/or acquiring Remediation times and efforts in evaluation processes are drastically reduced. This results in the AOCs recertification and validity deadlines being guaranteed, avoiding unnecessary tensions with entities.

Penetration test

Gradual reduction in the cost of service

The cost and effort associated with this service can be reduced in the following PCI certification cycles, relegating the comprehensive coordination and review required in the initial cycles to regular monitoring of PCI maintenance activities and QSA support.

Companies using our PCI Continuous Compliance service

Why work with Fortytwo?

Engaging Fortytwo for PCI DSS compliance gives you access to calibrated expert advice that ensures that you neither over, nor under-invest in your PCI compliance efforts as advice is run by multiple Qualified Security Assessors (QSAs) with different areas of expertise. Work with Fortytwo and you’ll benefit from:

Penetration test


We have long-held and deep experience in cyber security transformation across financial services, retail, travel industry, media and other sectors.

Penetration test


Our team holds a range of accreditations including QSA, CISSP, CCSA and CISA.


Our online database gives access to templates and example documents that provide useful tools and tips on PCI compliance. Our security knowledge base is continuously up-to-date, provided with the current development and based on customer feedback.


We see ourselves as your trusted advisor and a critical part of your in-house team. Since we have the necessary resources to complement your every security need, we are able to keep your efforts focused while providing you with as much as little consultative expertise as you need.


We provide value to our clients on a consistent, ongoing basis and we are proud of our long-term client relationships.


We believe in empowering our clients. The more knowledge transfer occurs during our engagement, the more value our customers recognise. Our team fully discloses the methods, tools, and configurations used to perform analysis work for our customers in the hope that they can easily adopt our processes for their future benefit.


We strongly believe in providing easy to understand guidance and reporting. The PCI DSS rules may seem simple and straightforward, but on second sight, they are often regarded as complex and open for discussion. Our PCI DSS QSAs assist in explaining these auditor guidelines and provide guidance on how to implement them.


We truly care for your data security. Always providing and delivering professional, helpful, high quality service and assistance before, during and after your requirements are met.

How we work

Our Continuous Compliance program will be adjusted to your companies’ specific needs.
There will be periodic meeting to check on ongoing projects and PCI related topics,
and quarterly meetings to check recurrent tasks, security incidents, vulnerabilities and
PCI-related changes.
This will ensure the pre-audit (Gap analysis and audit planning) goes smooth.
After the remediation, the PCI Annual assessment will follow.

The monthly fee depends on the needs of the organization.
Included are the 4-mandatory quarterly ASV scans and the annual PCI audit.
We also offer annual penetration testing for an attractive price.

Create Custom Continuous Compliance Program

We will work together to create a custom Continuous Compliance Program.

Periodic Meetings & Quarterly Meetings

Together with our experts and your team, we hold periodic meetings to check on ongoing projects and PCI related topics. During the quarterly meetings, we will check recurrent tasks, security incidents, vulnerabilities and PCI-related changes.


We will perform the Gap analysis and create the audit planning.


After the remediation period, the PCI DSS Audit can start and the gathering of accurate information to satisfy PCI DSS compliance. The evidence and the full SAQ is checked. If a Report on Compliance (RoC) is needed, the full audit will be performed. During this phase, the Attestation of Compliance (AOC) is generated

Want to Reduce Your PCI Audit Time and Expense?