Find the right auditor,
on your timeline.
The independent marketplace for PCI QSA, SOC 2, ISO 27001, HITRUST, and HIPAA auditors. Browse verified firms by region, certification, and service area — no pay-per-lead tricks, no referral fees.
By compliance vertical
PCI QSA
Qualified Security Assessors for PCI DSS audits. Required for Level 1 merchants.
SOC 2
AICPA-licensed CPA firms issuing SOC 2 Type 1 and Type 2 attestation reports.
ISO 27001
SoonImplementation consultants and certification bodies for ISO 27001 ISMS.
HITRUST
SoonAuthorized External Assessors (AEAs) for HITRUST CSF certification.
HIPAA
SoonCompliance assessors for HIPAA Security Risk Analyses and audits.
Coverage you can actually use
442 firms indexed from the PCI Security Standards Council's official list. Filter by region — every U.S. state, plus international coverage from firms that span continents.
How it works
Search by region & vertical
Filter by geography, certification, and Associate QSA support. See the whole market, not just who paid for placement.
Compare verified profiles
Region coverage, languages, primary contacts, and website. Verified profiles get a badge and a richer listing.
Connect directly
Reach out via the firm's own contact info. No intermediary, no referral fees, no commissions paid to Attestio.
Get found by buyers who are ready to engage.
Free basic listing from the PCI SSC scrape. Upgrade to Verified ($99/mo) for a richer profile, contact visibility, and the badge that signals legitimacy to procurement teams.
- Claim your scraped listing
- "Verified" badge in search
- Direct contact email visible
- Logo, photos, and a custom description
- Priority placement in browse