Most organizations underestimate the difficulty of sustained compliance to the rigorous requirements of the PCI Data Security Standard. Alchemy Security brings years of expertise, experience, and a considerable knowledge base to our clients. Organizations ill-prepared to meet compliance dates often face unplanned business disruptions, potential fines, and costly remediation efforts. Alchemy Security helps organizations minimize these consequences by providing full life cycle security services required for PCI Compliance. Services we provide on behalf of our clients include:

“Pre-audit” Compliance Gap Assessment Services

Performing a gap analysis is a great way to understand what types of audit findings may exist prior to the Qualified Security Assessor (QSA) performing the official assessment. It also serves as a pre-cursor to developing required strategic planning and remediation efforts.

PCI Strategic Planning & Remediation Services

This service assists our clients with developing a comprehensive actionable plan for remediating all identified gaps in a cost-effective manner.

PCI Infrastructure Architecture/Design

Defining compliance scope within the payment processing environment is critical to reducing costs. We provide network architecture, design, and implementation services to help our clients with this often difficult hurdle.

Firewall/Router Auditing

An often under-appreciated portion of PCI Compliance comes in the form of auditing in-scope firewalls and routers. Alchemy Security is well versed in auditing routing and firewall technologies.

On Demand Consulting Services

Need feedback on a proposed solution or some suggestions of where to look to solve the latest PCI challenges? Take advantage of our retainer package and pick the brains of some of the brightest minds within industry.

Scanning Services

PCI requires both internal and external vulnerability scans occur on a quarterly basis for all in-scope systems. Alchemy Security can assist with meeting this requirement by providing strategic guidance on tools and technology or by performing vulnerability scanning on your behalf.

Penetration Testing Services

PCI requires both internal and external penetration tests occur at least annually for all in-scope systems or when significant network changes occur. Alchemy Security can assist with meeting this requirement by performing network and application layer penetration tests.

Secure Code Reviews

PCI requires that custom code changes are reviewed by a qualified individual for all in-scope applications. Alchemy Security can support organizations who either don’t have the in-house expertise or available resources to review code changes.

Vulnerability Management Frameworks

Another key tenet of PCI requires organizations to implement a robust vulnerability management framework. We provide frameworks appropriate to the type and size of your organization , as well as the associated processes and procedures required to implement an effective vulnerability management program.


Alchemy Security provides training services for all training requirements noted within the PCI-DSS standard.

Policy Development

A security policy provides the overall framework of your information security program. We can help your organization get a jump start on developing a robust information security program leveraging time-tested policy frameworks. Once a framework has been identified, we will assist in custom-tailoring the framework to your specific environment.

Configuration Standards

PCI requires that all in-scope systems and applications have secure configuration (hardening) standards associated with them. Alchemy Security can help organizations craft standards that will meet this requirement as well as implement strategies to ensure that systems are maintained within the configuration standards. Areas of support include all major operating systems, databases, and associated network infrastructure devices.

Vendor Assessment/Product Evaluation Services

Vendor assessment and product evaluation services are designed to help our clients make the most out of their budgets while meeting both objectives of PCI as well as those for your business.

Self Assessment Questionnaire Support

Alchemy Security can provide support in helping organizations better understand the meaning behind the PCI DSS requirements and provide guidance on whether an existing control is sufficient for compliance while completing Self Assessment Questionnaires.