Approved Scanning Vendor

ASV's are organizations that validate adherence to certain DSS requirements by performing vulnerability scans of Internet facing environments of merchants and service providers. The list of ASV’s can be found at PCI standard's website under Approved Scanning Vendor

There are many companies that support compliance needs at every stage. They help build a Payment Card Industry Compliance programs. These companies also issue a Report of Compliance. They emphasize pragmatism as well. At the same time, these companies consider business constraints. They can help make the most of existing hardware as well as devices and processes in your environment. Limiting costs and complexity can help decrease what is in scope for PCI compliance.

These companies emphasize knowledge of the Payment Card Industry Standards. They also emphasize in depth technical understanding across all sections of PCI compliance. Sector-specific knowledge, a practical view on how PCI compliance relates to real world concerns, and an awareness of current treat landscape are also emphasized.

You will need to undergo a new review of your PCI environment. This is to insure that it still meets the requirements. This needs to be done if security processes or infrastructure have changed since previous PCI DSS your assessment. This is also done if third party vendors have changed as well.

There are four types or levels of services. Each service builds on the work accomplished previous stage. Here are the services:

Readiness review: This provides a high level plan for accomplishing compliance for organizations. These are for organizations that are relatively new to the PCI Data Security Standard requirements. They are just getting started on the path toward compliance.
Gap analysis: This is for businesses that have already started working on bringing their PCI environment into compliance. These organizations are also ready for a pre-test. This stage dives into the individuals requirements of the standard. Detailed recommendations will be provided to bring these organizations into compliance.
Mock audit: This is for organizations that believe they are ready to prove they are completely compliant with all of the DSS requirements. This provides approval that all PCI DSS requirements are set in place. It is the very same audit conducted for a ROC. This is also for clients who want to be certain that they will pass the Report on Compliance audit the first time around.
Self Assessment Questionnaire or Report on Compliance: This is the last audit. A merchant verifies that its PCI environment is 100% compliant with all of the DSS requirements.

I'd like to receive a PCI compliant vulnerability scan, which is provided by nCircle FAQ, an ASV in good standing.