Text size Increase Font-SizeDecrease Font-SizeReset Font-Size

ASV FEEDBACK FORM

This form is used to review ASVs and their work product, and is intended to be completed after a PCI Scanning Service by the ASV client. While the primary audience of this form are ASV scanning clients (merchants or service providers), there are several questions at the end, under “ASV Feedback Form for Payment Brands and Others,” to be completed as needed by Payment Brand participants, banks, and other relevant parties. This form can be obtained directly from the ASV during the PCI Scanning Service, or can be found online in a printable format at https://www.pcisecuritystandards.org.

Fields marked * are required.

Client Name (merchant or service provider) Approved Scanning Vendor company (ASV)

* *
* *
* *
* *
Business location where assessment took place ASV employee who performed assessment
* *
* *
* *

 

For each question, please indicate the response that best reflects your experience and provide comments.
5 = Strongly Agree             4 = Agree    3 = Neutral      2 = Disagree        1 = Strongly Disagree

Question

Select
One

Comments

1. During the initial engagement, did the ASV explain the objectives, timing, and review process, and address your questions and concerns?
2. Did the ASV employee(s) understand your business and technical environment, and the payment card industry?
3. Did the ASV employee(s) have sufficient security and technical skills to effectively perform this PCI Scanning Service?
4. Did the ASV sufficiently understand the PCI Data Security Standard and the PCI Security Scanning Procedures?
5. Did the ASV effectively minimize interruptions to operations and schedules?
6. Did the ASV provide an accurate estimate for time and resources needed?
7. Did the ASV provide an accurate estimate for scan report delivery?
8. Did the ASV attempt to market products or services for your company to attain PCI compliance?
9. Did the ASV imply that use of a specific brand of commercial product or service was necessary to achieve compliance?
10. In situations where remediation was required, did the ASV present product and/or solution options that were not exclusive to their own product set?
11. Did the ASV use secure transmission to send any confidential reports or data?
12. Did the ASV demonstrate courtesy, professionalism, and a constructive and positive approach?
13. Was there sufficient opportunity for you to provide explanations and responses during the scans?
14. During the review wrap-up, did the ASV clearly communicate findings and expected next steps?
15. Did the ASV provide sufficient follow-up to address false positives until eventual scan compliance was achieved?

Please provide any additional comments here.

 

ASV Feedback Form for Payment Brands and Others

This form is used to review ASVs and their work product, and is intended to be completed after a PCI Scanning Service as needed by Payment Brand participants, banks, and other relevant parties.
Information collected from the Feedback Form will be held in strict confidence and used for the sole purpose of improving the quality of service provided by the ASV.
This form can be obtained directly from the ASV during the PCI Scanning Service, or can be found online in a printable format at https://www.pcisecuritystandards.org.

Fields marked * are required.

ASV Client (merchange or service provider reviewed) Approved Scanning Vendor (ASV)

* *
Payment Brand Reviewer ASV employee who performed assessment
* *
* Employee ID Number
* *
* *

 

For each question, please indicate the response that best reflects your experience and provide comments.
5 = Strongly Agree             4 = Agree    3 = Neutral      2 = Disagree        1 = Strongly Disagree

Question

Select
One

Comments

1. The ASV clearly understood how to notify your payment brand about compliance and non-compliance issues, and the status of merchants and service providers.
2. No complaints were received about ASV activities related to this scan.
3. The ASV demonstrated sufficient understanding of the PCI Data Security Standard and the PCI ASV Program Guide.

Please provide any additional comments here.

 

 


Back to Top

The PCI Security Standards Council (the "Council") provides a variety of tools, questionnaires, guidance, FAQs, training resources and other materials and information to assist organizations seeking to achieve compliance with its standards (the "Standards"). Third party products and services are also available, but the Council does not endorse or recommend any such third party products or services, and advises all organizations seeking to achieve compliance to become familiar with the Standards and related requirements before purchasing third party products or services. Ultimately, all applicable requirements must be met in order to achieve compliance, regardless of whether or what third party products or services are used.