Blog Product Thoropass is now a PCI Approved Scanning Vendor (ASV) At Thoropass, we believe compliance should be seamless, not fragmented. That’s why we’ve built the only platform that brings automation, audit, and expertise together in one place-and today, we’re excited to announce a major expansion to our PCI offering. Thoropass is now an officially recognized PCI Approved Scanning Vendor (ASV). This certification from the PCI Security Standards Council means that Thoropass is authorized to deliver external vulnerability scans that meet PCI DSS requirement 11.3.2-a core component of PCI compliance. It’s a significant milestone for us and a powerful upgrade for our customers. Let’s take a closer look. What Is a PCI ASV? An Approved Scanning Vendor (ASV) is an organization certified by the PCI Council to conduct external vulnerability scans required by the PCI Data Security Standard. These scans test your internet-facing systems for known vulnerabilities-and they must be performed by an approved vendor. Thoropass is now part of a select group-fewer than 100 companies worldwide-approved to perform this type of scanning. Why PCI ASV matters Most PCI programs require coordination across multiple vendors: one for compliance automation, one for audit (QSAC), and another for ASV scanning. That means multiple contracts, disconnected tools, and frequent delays. With Thoropass, you can now manage everything in one place. What you get with Thoropass ASV: Certified ASV scans for PCI DSS requirement 11.3.2 Expert remediation guidance and rescan support Official attestation of scan compliance to submit to your acquiring bank or card brand Bundled services across PCI automation, audit, and scanning Whether you’re pursuing your first PCI report or managing ongoing quarterly scans, Thoropass removes the complexity. Who needs PCI ASV scans? If you’re a merchant or service provider with systems exposed to the internet, PCI ASV scans are required. That includes: SaaS and fintech companies processing cardholder data Healthcare and e-commerce platforms Any organization that must comply with PCI DSS and needs to submit quarterly scan reports Already using Thoropass for PCI audits or automation? You can now add scanning directly to your current subscription. How Thoropass helps Thoropass is the only platform that combines: PCI DSS compliance automation PCI DSS audit & assessment (as a certified QSAC) PCI Level 1 penetration testing Certified ASV scanning You no longer need to juggle four tools or coordinate with multiple teams. With Thoropass, you get one dashboard, one audit-aligned process, and one expert partner for all things PCI. And because we’re built by auditors and security pros, you’ll have the rigor and support you need every step of the way-from first scan to final report. One platform, total PCI confidence Thoropass ASV scanning is now available to all customers. As always, our approach is: Unified – Manage audits, automation, and scans in one place Expert-guided – Get support from real people, not just dashboards Audit-ready – Use AI and automation to prep confidently Scalable – Start with scans, grow into full compliance Ready to simplify PCI compliance? Talk to a Thoropass expert and learn how we can help you achieve and maintain PCI DSS compliance-faster, easier, and with fewer vendors. CASE STUDY Forage streamlined SOC 2 and PCI audits to achieve $100k in savings Utilizing Thoropass’ multi-framework, single-audit approach, Forage was able to beat their compliance deadlines and save 3-6 months of development time. Ryan Detwiller See all Posts Read More icon-arrow Ryan Detwiller See all Posts Share this post with your network: Facebook Twitter LinkedIn
