PCI Security Standards Council®

Point-to-Point Encryption Assessors

Organizations qualified by PCI SSC to validate P2PE Solutions and P2PE Components on behalf of P2PE Vendors are referred to as Qualified Security Assessor P2PE Companies (QSA (P2PE) Companies), Organizations qualified by PCI SSC to validate P2PE Applications on behalf of Vendors are referred to as Payment Application Qualified Security Assessor P2PE Companies (PA-QSA (P2PE) Companies).The quality, reliability, and consistency of a QSA (P2PE) Company and/or PA-QSA (P2PE) Company’s work provide confidence that the P2PE Solution, P2PE Component and/or P2PE Application has been validated for P2PE compliance

This form is used to review P2PE Assessors and their work product, and is intended to be completed by the client, after a PCI P2PE Assessment.

Information collected from the Feedback Form will be held in strict confidence and used for the sole purpose of improving the quality of service provided by the P2PE Assessor.

Fields marked * are required.

Client (P2PE Solution Provider or P2PE Application Vendor) P2PE Assessor Company
*
Title P2PE Contact Title
Location of Assessment QSA (P2PE) / PA-QSA (P2PE) Employee(s) who performed Assessment
*
Certificate Number
Country
Postal Code

 

For each question, please indicate the response that best reflects your experience and provide comments.
5 = Strongly Agree             4 = Agree    3 = Neutral      2 = Disagree        1 = Strongly Disagree

Question

Select
One

Comments

1.During the initial engagement, the P2PE Assessor explained the objectives, timing, and review process, and addressed your questions and concerns.
2.The P2PE Assessor Employee(s) understood your business and technical environment, as well as the cardholder data environment.
3.The P2PE Assessor Employee(s) had sufficient security and technical skills to effectively perform this assessment.
4.The P2PE Assessor sufficiently understood the P2PE Standard and all related requirements and assessment procedures.
5.The P2PE Assessor effectively minimized interruptions to operations and schedules.
6.The P2PE Assessor provided an accurate estimate for time and resources needed.
7.The P2PE Assessor provided an accurate estimate for report delivery.
8.The P2PE Assessor did not attempt to market products or services for your company to attain P2PE Solution validation.
9.The P2PE Assessor did not imply that use of a specific brand of commercial product or service was necessary to achieve compliance.
10.In situations where remediation was required, the P2PE Assessor presented product and/or solution options that were not exclusive to their own product set.
11.The P2PE Assessor used secure transmission to send any confidential reports or data.
12.The P2PE Assessor demonstrated courtesy, professionalism, and a constructive and positive approach.
13.There was sufficient opportunity for you to provide explanations and responses during the assessment.
14.During the review wrap-up, the P2PE Assessor clearly communicated findings and expected next steps.
15.The P2PE Assessor provided sufficient follow-up during your company’s remediation efforts until eventual compliance was achieved.
Please use the space below to provide any additional comments here about the P2PE Assessor, your assessment experience, or the P2PE documents.



 

P2PE Assessor Feedback Form for Payment Brands and Others

This form is used to review P2PE Assessors and their work product, and is intended to be completed after a PCI P2PE Assessment as needed by Payment Brand participants, banks, and other relevant parties.Information collected from the Feedback Form will be held in strict confidence and used for the sole purpose of improving the quality of service provided by the P2PE Assessor.This form can be obtained directly from the P2PE Assessor during the assessment, or can be found online in a printable format at https://www.pcisecuritystandards.org.

Fields marked * are required.

Client
(P2PE Solution Provider or P2PE Application Vendor reviewed)
P2PE Assessor Company
* *
Payment Brand Reviewer QSA (P2PE) / PA-QSA (P2PE) Employee(s) who performed Assessment
* *
* Certificate Number
*
*

 

For each question, please indicate the response that best reflects your experience and provide comments.
5 = Strongly Agree             4 = Agree    3 = Neutral      2 = Disagree        1 = Strongly Disagree

Question

Select
One

Comments

1.The P2PE Assessor clearly understood how to notify your payment brand about compliance and non-compliance issues, and the status of merchants, service providers and vendors.
2.The payment brand had a positive and professional experience with the P2PE Assessor.
3.The P2PE Assessor demonstrated sufficient understanding of the P2PE Standard and all related requirements and assessment procedures.
4.The P2PE Assessor appropriately documented the results related to their findings.
5.From your understanding, the P2PE Assessor appropriately scoped the assessment.


 

Powered By OneLink