Compliance as a Service CaaS

ControlCase has been intimately involved in helping organizations like yours navigate the PCI DSS landscape for several years now. The variety of products out there and the confusion around them make it very hard to compare competitive offerings.

Companies have taken various approaches and incorporated various technologies (hardware, software, onsite and managed offsite services) to become PCI compliant.

We have simplified this whole process and come up with a solution that is akin to "PCI in a Box"; we call it Compliance as a Service (CAAS).

The bundle includes everything that you will need to get PCI compliant and STAY compliant, except 4 offerings that a majority of companies already have: firewalls, antivirus, a patching process and technology-specific encryption.

The CAAS offering includes a mix of hardware, software, onsite and offsite services that cost-effectively deliver one of the best values that you will see in the marketplace.

We recommend you seriously look at CAAS and evaluate your current cost of ownership and maintenance for ALL components related to PCI compliance (including hardware, software license and maintenance, personnel costs) with respect to the pricing and convenience offered by CAAS.

However, if you are currently not ready to avail of the benefits and cost savings offered by the Compliance as a Service (CAAS) offering, you can still avail of the individual components.


What is part of Compliance as a Service (CaaS)

| Component | Category | PCI Requirement met |
|---|---|---|
| PCI Gap analysis | Certification | Overall PCI DSS Certification |
| PCI Remediation support | Certification | Overall PCI DSS Certification |
| PCI Certification and report on compliance (ROC) | Certification | Overall PCI DSS Certification |
| Data discovery scanner for cardholder data | Software | Overall PCI DSS Certification |
| Centralized compliance management portal and reminders | Software | 1 |
| Firewall rule-set analysis | Managed Service | 1 |
| Configuration scanner | Software | 2 |
| Configuration scanning of IT assets | Managed Service | 2 |
| Data discovery scanner for cardholder data | Software | 3 |
| Searching of cardholder data within environment | Managed Service | 3 |
| Application security scanner | Software | 6 |
| Application security scanning | Managed Service | 6 |
| Logging platform | Software | 10 |
| File integrity monitoring platform | Software | 10 |
| 24/7/365 monitoring with Alerts and Daily PCI log reviews | Managed Service | 10 |
| Secure storage and archival of logs | Software | 10 |
| Internal vulnerability scanner | Software | 11 |
| External vulnerability scanner | Software | 11 |
| Internal vulnerability scanning | Managed Service | 11 |
| External vulnerability scanning (ASV approved scan) | Managed Service | 11 |
| Internal penetration testing | Managed Service | 11 |
| External penetration testing | Managed Service | 11 |
| Policy manager | Software | 12 |
| Customization and updating of policies to meet PCI requirements | Managed Service | 12 |
| Annual PCI training portal | Software | 12 |
| Distribution and Attestation of Annual Security Awareness Training | Managed Service | 12 |
| Annual Risk Assessment | Managed Service | 12 |