PCI DSS compliance assessments
Assessments and audits against the Payment Card Industry Data Security Standard, including network segmentation testing and gap analyses — done with a clear understanding of how payment environments work in practice.
Comtis is an independent security consultancy. We help organisations achieve and maintain PCI DSS and ISO/IEC 27001 compliance, and we verify the resilience of their systems through professional penetration testing.
From compliance strategy to hands-on verification — focused expertise across four areas.
Assessments and audits against the Payment Card Industry Data Security Standard, including network segmentation testing and gap analyses — done with a clear understanding of how payment environments work in practice.
Support in implementing and maintaining Information Security Management Systems based on ISO/IEC 27001 and the broader ISO/IEC 27000 family — from risk assessment to certification readiness.
Controlled security testing of infrastructure, web applications, and cloud environments. Findings come with severity ratings, evidence, and remediation guidance that engineering teams can act on.
Advisory for payment software vendors on meeting the requirements of the PCI Secure Software Standard and the Secure Software Lifecycle (Secure SLC) programmes.
Comtis is a deliberately compact practice. Every engagement is handled directly by the expert doing the work — no account managers, no hand-offs. The scope is agreed up front and tailored to what your organisation actually needs.
Practice established; information security management advisory.
Payment card industry compliance assessments added.
Infrastructure and application security testing added.
Payment software security framework assessments added.
3-D Secure environment security assessments added.
It depends on the size and complexity of the cardholder data environment. A typical assessment takes two to six weeks — from the opening workshop, through testing and documentation review, to the final report. The exact schedule is agreed before work begins.
A vulnerability scan is an automated check for known weaknesses. A penetration test goes further: an expert manually verifies and chains vulnerabilities, attempting to actually break through defences — the way a real attacker would. The result is a report with evidence and remediation priorities, not just a list of alerts.
Yes. We work in Polish and English, remotely and on site — mainly across Europe. Documentation and reports are delivered in the language of your choice.
With a short conversation. We usually suggest a gap analysis, which shows where you stand against the requirements of the standard and what realistically needs to be done. Based on that, we agree the scope of further work.
Enquiries are answered within one business day. For sensitive matters, secure channels are available on request.