Standard · PCI DSS v4.0.1
PCI DSS, run as a three-stage workflow.
One workspace from the SAQ scoping questionnaire through self-rated risk and per-control evidence, ending in a micro dashboard ready for the QSA. Roles split across creator, business liaison, GRC liaison and control owner. Editing follows the platform billing state.
First month free. No card required.
The three stages.
- Stage 1 — Initial assessment and SAQ scoping
  - Answer a short questionnaire about your entity type and how you process card payments.
  - The workflow figures out which SAQ applies to you — SAQ-A, SAQ-B, SAQ-C, SAQ-D, and the P2PE variants — or whether you need a full ROC via QSA instead.
  - Capture a per-question justification as you answer.
  - Submit. Stage 1 is the hard gate — the remaining stages unlock once it is submitted.
- Stage 2 — Risk scoring
  - Open every PCI DSS requirement that applies to your chosen SAQ.
  - Score each one with a self-rated risk level and a short justification.
  - Review the macro dashboard for risk distribution across the requirement set, so you know which clusters need the most work.
- Stage 3 — Certification readiness
  - Capture evidence per control, assign owners, and upload files.
  - Use AI-assisted policy generation alongside to draft any missing policies.
  - The GRC liaison fills the internal audit findings column — compliance status, notes, and required actions.
- Output — Assessor-ready dashboard
  - The micro dashboard rolls every control into a single table — status, evidence count, and PCI verdict.
  - Ready for handoff to your QSA or internal assessor for review.
  - Exportable so the QSA can take their copy and work it offline.
Self-serve, or guided by a consultant.
- Self-serve
  - Your team holds every role. The creator, business liaison, GRC liaison and control owners are all teammates you assign. No external party joins the workspace. You pay only the platform fee.
- Guided
  - An independent consultant from the SME directory joins as the GRC liaison. They sit inside the same workspace and review the audit findings — compliance status, consultant notes, required actions — while your team owns the implementation columns. You pay the platform fee plus the consultant's review fee, prorated by the day.
Two rates. One while you work. One after.
- Active: while the SAQ and evidence are still in motion.
- Passive: once the assessor-ready dashboard ships and the workspace becomes a read-only record.
- Self-serve: Your team runs the workflow end to end.
  - Active: $550 / month
  - Passive: $50 / month
- Guided: Platform fee plus an independent consultant from the SME directory. Browse rates after you sign in.
  - Active: See directory
  - Passive: See directory
Rates shown are indicative. The exact daily number is displayed inside the product before any assessment is launched.
How the meter works.
- Why two rates
  - PCI readiness runs over months, not days. The meter is split so you pay full rate while controls and evidence are still in motion, and a much lower rate once the assessor signs off and the workspace becomes a read-only record.
- Prorated daily
  - Charges add up by the day. No annual contract. No per-seat fee. Cancel any time and the meter stops on the cancel date.
- First month free
  - The first assessment on your first workflow is free for the first month. No card required at sign-up.
- Switch when the QSA signs off
  - Flip the assessment to passive and the meter drops to the lower rate. The SAQ, evidence, and assessor-ready dashboard stay accessible and exportable.