TOPIC · PULSE COMPLIANCE

Your QSA arrives in six weeks. Your evidence spreadsheet has nine tabs and three owners, and it's already wrong.

PCI-DSS Requirement 12.4.2 mandates quarterly security reviews for service providers. Most retailers manage this in spreadsheets that are everyone's problem and nobody's priority. Pulse Compliance runs the controls continuously — so the evidence is there on the day.

"Where are we on PCI-DSS controls?" "Which requirements have evidence gaps right now?" "Draft me an attestation summary for Requirement 8"

Talk to Compliance Sales See Pulse Compliance →

The cost of not catching this.

QSA evidence-wrangling cost

A typical mid-market retailer with 20–100 stores spends 120–200 hours gathering PCI-DSS evidence per assessment cycle. At $150/hr QSA time plus internal labour, that's $25,000–$45,000 per cycle — before remediation.

Recurring non-compliances

Without continuous monitoring, the same control gaps recur cycle after cycle because the fix is applied at audit time, not embedded in operations. The QSA sees the same finding for the third year running.

Breach exposure window

A control gap that exists between assessment cycles is an attack surface you don't know about. Continuous evidence shows you which controls degraded — and when — before a breach tells you.

How Pulse catches it.

Continuous evidence collection

Pulse maps your iVend configuration to PCI-DSS requirements and collects evidence rows each audit cycle. Access control changes, patch events, and configuration drift are recorded automatically.

Control drift alerting

When a PCI control degrades — a terminal drops below patch level, a user access right changes, a batch settlement window exceeds the allowed period — Pulse fires a control-drift alert.

AI-drafted attestation summaries

"Draft me an attestation summary for Requirement 8 access controls" returns a cited-evidence summary. Your QSA gets cited data rows, not narrative.

What you'd see.

Pulse Compliance Center showing PCI-DSS framework tile with control status breakdown — Compliance Center — PCI-DSS framework tile with control status, evidence rows, and drift alerts.

Ask Pulse drawer showing PCI-DSS attestation summary with cited evidence rows — Ask Pulse drawer — attestation summary with cited evidence rows, ready for your QSA.

Is this your problem to solve?

Compliance owns the evidence; IT owns the controls.

Compliance Officer

Owns PCI-DSS attestation — manages evidence, interfaces with QSA.

See your page →

Store IT Manager

Owns the controls — patch level, access rights, batch settlement windows.

See your page →

What it costs.

PCI-DSS attestation support is part of Pulse Compliance. Compliance is a seat-licensed add-on alongside Pulse Infra. Standard tier covers evidence collection and drift alerting; Pro adds AI-drafted attestation summaries and inspector-ready PDF exports.

Estimate your monthly cost

Billed in USD — pricing disclaimer

Infra seats (IT / ops users)

POS terminals (min 5)

Infra tier

Store Manager seats ($19 each)

Compliance tier

Total Compliance Officer seats 1 included free with Infra; additional at $/seat/mo. No Infra → all seats at headline $/seat/mo.

Store Wall stores ($9 each)

Monthly USD total

$771

· · ·

All prices in USD. Annual billing saves 20%.

Worked example — Chain M (FreshMart)

3 Infra Pro seats × $69 = $207
48 POS @ Pro band (50 × $7) = $336
12 Store Manager seats × $19 = $228
1 Compliance Standard seat (bundled with Infra) = $0
= $771/mo USD

We speak compliance

Audit run Audit cycle Attestation Framework Control Evidence row Jurisdiction Applicability matrix Retention period Officer-of-record Regulator KSA E-Invoicing UAE FTA PCI-DSS GDPR POPIA NDPR DPA