Assessment Services

Many programs, products, and services are designed to provide the best experience for the end user. From time to time, their performance needs a dedicated look to ensure the result matches expectations. Servadus Assessment Services focuses on cybersecurity compliance and security programs for various frameworks. All assessments can be formal events or spot checks. Assessment programs focus on Payment Card Industry (PCI) Data Security Standards (DSS), SWIFT, EI3PA, NIST, and ransomware readiness, with a near-term focus on NCUA’s ACET (Automated Cybersecurity Evaluation Toolbox) and Cybersecurity Maturity Model Certification (CMMC) Version 2.

All validations and assessments include world-class project and workflow management, delivered through online systems with near real-time reporting. The project management gives leadership and other stakeholders insight into the plan, gives the technical point of contact insight into requests for evidence or artifacts, and provides transparency on the status of each security control that is part of the assessment.


Payment Card Industry Data Security Standards (PCI DSS)

Level 1 PCI DSS Assessments

This service helps validate more than 400 controls and provides a Report and Attestation of Compliance for large organizations that process, transmit, or store cardholder data (credit or debit cards), or that need to show compliance with the PCI DSS as a Level 1 merchant or service provider.



Level 2 and 3 PCI DSS Assessments

This service helps small and medium organizations that process, transmit, or store cardholder data (credit or debit cards), or that otherwise need to demonstrate compliance with the PCI DSS as a Level 2 or Level 3 merchant or service provider. It assists with validation using one of eight self-assessment questionnaires and an Attestation of Compliance.


PCI DSS Version 4 Gap Assessment

If your organization is already demonstrating compliance with PCI DSS v3.2.1 and wants to get started with the new version 4, this assessment is for you. It reviews the 64 new controls, reports on the status of compliance, and makes recommendations for achieving them before March 2024.

PCI Gap validations


Whether you are starting a new role, making infrastructure changes, or need a mid-year review, our team will conduct full or partial gap validations as your company requires. Contact our special team to arrange this custom solution.

Payment Brand and Bank support for clients

Organizations that offer merchant services must ensure that all merchants follow the PCI DSS. This service makes sure that all Level 2, 3, and 4 merchants with online access and support are assessed and in compliance.

Society for Worldwide Interbank Financial Telecommunication (SWIFT) Customer Security Programme (CSP)

SWIFT is a global messaging network that banks and other financial institutions use to send and receive information, such as money transfer instructions, quickly, accurately, and securely. To ensure the security of the messages, SWIFT established the Customer Security Controls Framework (CSCF).

The Customer Security Controls Framework (CSCF) describes a set of mandatory controls that all SWIFT users must follow.

The Servadus team has the external independence and experience necessary to validate the CSP’s required and recommended controls.

Assessments for all needs

NIST Cybersecurity Framework (CSF)

NIST SP 800-53

Cybersecurity Maturity Model Certification (CMMC) v2.0

Experian’s Independent 3rd Party Assessment (EI3PA)

Ransomware Readiness Assessment

Higher Education Information Security Council (HEISC)

Higher Education Community Vendor Assessment Toolkit (HECVAT)