---
title: SecurityMetrics Reviews
meta_title: 'SecurityMetrics Reviews 2026: Details, Pricing, & Features | G2'
meta_description: Filter 43 reviews by the users' company size, role or industry to
  find out how SecurityMetrics works for a business like yours.
aggregate_rating:
  rating_value: 4.8
  review_count: 43
  scale: '5'
date_modified: '2026-06-24'
parent_category:
  name: Security and Privacy Services
  url: https://www.g2.com/categories/security-and-privacy-services
---

# SecurityMetrics Reviews
**Vendor:** SecurityMetrics  
**Category:** [IT Compliance Services Providers](https://www.g2.com/categories/it-compliance-services)  
**Average Rating:** 4.8/5.0  
**Total Reviews:** 43
## About SecurityMetrics
SecurityMetrics secures peace of mind for organizations that handle sensitive data. From local shops to some of the world’s largest brands, SecurityMetrics helps businesses achieve data security with penetration testing, vulnerability scanning, gap analysis, security consulting, managed services and compliance mandates (PCI, CMMC, HIPAA, GDPR, HITRUST). SecurityMetrics is a CMMC Certified Registered Provider Organization (RPO), PCI certified Approved Scanning Vendor (ASV), Qualified Security Assessor (QSA), Certified Forensic Investigator (PFI), and Managed Security provider with over 25 years of data security experience. They have tested over 100 million systems for data security and compliance. They are privately held and headquartered in Orem, Utah, where they maintain a Security Operations Center (SOC) and 24/7 multilingual technical support.



## SecurityMetrics Pros & Cons
**What users like:**

- Users find the **ongoing monitoring** of SecurityMetrics essential for maintaining PCI compliance effectively. (1 review)
- Users value the **ongoing monitoring** feature of SecurityMetrics, essential for maintaining PCI compliance effectively. (1 review)

**What users dislike:**

- Users believe the **vulnerability scanning** feature needs improvement as it lacks coverage for various types of scans. (1 review)
- Users find **vulnerability scanning lacking** as it doesn't cover all necessary types of scans for comprehensive security. (1 review)
- Users feel that the **vulnerability scanning** can be improved, as it doesn't cover all scan types effectively. (1 review)

## SecurityMetrics Reviews
  ### 1. People-First SecurityMetrics Partnership That Keeps Us Audit-Ready Year-Round

**Rating:** 5.0/5.0 stars

**Reviewed by:** Rolian R. | Small-Business (50 or fewer emp.)

**Reviewed Date:** March 03, 2026

**What do you like best about SecurityMetrics?**

People and security first, that's what we love most about SecurityMetrics' approach to navigating regulatory compliance, including PCI DSS 4.0.1. 4 years into our partnership, the improvements are felt on a daily basis. What stands out is how they've transformed security from an annual audit event into an ongoing commitment, we maintain regular monthly communication with their team, ensuring we stay audit-ready while keeping a genuinely secure and protected environment for our cardholders and merchants year-round.

**What do you dislike about SecurityMetrics?**

One area for improvement is the Suralink platform, which could benefit from a more intuitive experience. More broadly, we'd love to see SecurityMetrics evolve into a truly all-in-one compliance solution, consolidating all the tools and services needed to maintain PCI compliance under a single roof. Currently, having to source additional solutions externally adds both cost and complexity to a program that is already resource-intensive to manage. A unified, seamless platform experience would be a game changer for small organizations like ours.

**Recommendations to others considering SecurityMetrics:**

If your organization handles payment data and is navigating PCI DSS compliance, SecurityMetrics is a partner worth serious consideration. Don't wait until an audit is looming, engage them early. The value isn't just in passing your annual assessment, but it's in building a security culture that protects your business, your merchants, and your customers every single day. For payment processors and fintechs especially, the regulatory landscape is only getting more complex. Having a team that combines compliance expertise with practical security guidance means you're not just checking boxes, you're genuinely reducing risk. Four years in, we can confidently say SecurityMetrics has made Strictly a stronger, more secure organization, and that investment pays for itself in trust, readiness, and peace of mind.

**What problems is SecurityMetrics solving and how is that benefiting you?**

SecurityMetrics supports our ongoing security program through quarterly external vulnerability assessments, penetration testing, and annual onsite evaluations. What sets them apart is their deep industry experience, they don't just function as a compliance checkbox; they act as a trusted advisor, guiding us on security best practices and helping Strictly become a more resilient and secure organization year over year.

  ### 2. Professional auditor and always willing to improve our security

**Rating:** 5.0/5.0 stars

**Reviewed by:** Guido C. | Enterprise (> 1000 emp.)

**Reviewed Date:** February 25, 2026

**What do you like best about SecurityMetrics?**

The professionalism of the auditor and their constant intention to help improve the company's security.

**What do you dislike about SecurityMetrics?**

There is nothing about the company or the auditor that has displeased me.

**Recommendations to others considering SecurityMetrics:**

SecurityMetrics is, without a doubt, the best option for organizations that need to organize and simplify PCI DSS compliance. It facilitates ASV scans, the management of findings, and the tracking of remediations, which helps keep the process under control. I recommend it for its operational clarity and the support it provides during the certification process.

**What problems is SecurityMetrics solving and how is that benefiting you?**

SecurityMetrics helped us manage PCI DSS 4.0.1 compliance in a clear and organized manner, especially in ASV scans, vulnerability detection, and remediation tracking. The platform also simplified documentation and allowed us to reduce audit times. As a result, we improved risk visibility and strengthened our security posture.

  ### 3. Reliable PCI Compliance Partner with Excellent Support

**Rating:** 5.0/5.0 stars

**Reviewed by:** Tyler T. | Mid-Market (51-1000 emp.)

**Reviewed Date:** November 04, 2025

**What do you like best about SecurityMetrics?**

What I like best about SecurityMetrics is the friendliness and professionalism of their staff. Our assigned QSA is always very knowledgeable and takes the time to explain requirements clearly, helping ensure our company remains fully compliant. The personalized support and expertise they provide make the PCI audit process far less stressful and much more efficient.

**What do you dislike about SecurityMetrics?**

Overall, our experience with SecurityMetrics has been very positive. If I could make one recommendation, it would be to implement a single sign-on experience for all platforms — including the main compliance portal and vulnerability scanning features.  Consolidating access under one login would make the process more efficient and user-friendly, especially when managing multiple tasks during the audit cycle.

**Recommendations to others considering SecurityMetrics:**

I would highly recommend SecurityMetrics to any organization that needs to maintain PCI compliance or strengthen its overall security posture. Their team is knowledgeable, responsive, and genuinely invested in helping clients succeed. The audit process is well-structured, and their QSAs provide clear guidance that makes compliance much easier to manage.

If you’re looking for a partner that combines strong technical expertise with excellent customer support, SecurityMetrics is a great choice.

**What problems is SecurityMetrics solving and how is that benefiting you?**

Our company is required to perform annual PCI Compliance audits with an on-site auditor. SecurityMetrics helps streamline this process by providing clear guidance, tools, and documentation needed to meet PCI requirements. Their platform simplifies evidence collection, vulnerability scanning, and reporting, which reduces the time and complexity of preparing for the annual audit.

By using SecurityMetrics, we’ve been able to identify and remediate potential vulnerabilities more efficiently, ensuring that our environment remains secure and compliant year-round—not just at audit time. Overall, this has improved our security posture, reduced compliance risk, and saved both time and resources during the audit process.

  ### 4. Shopping Cart Monitor

**Rating:** 4.5/5.0 stars

**Reviewed by:** james l. | Small-Business (50 or fewer emp.)

**Reviewed Date:** September 26, 2025

**What do you like best about SecurityMetrics?**

The ease of using a portal to review scripts, authorise or decline scripts with a justification, options to download inventories / scans, when I do have an issue I am able to reach out to Maloy who does respond and helps us to get issues resolved along with Shane.

**What do you dislike about SecurityMetrics?**

The turnaround for bugfixes or portal updates does seem a little slow, inline scripts at the moment seems to be the most dislike at the moment as it requires emailing support to get more details which would be better for reviewing scripts, a manual option like the basic pages on the shopping cart plus option so not waiting for the system to run the test

**Recommendations to others considering SecurityMetrics:**

I would recommend using SecurityMetrics as it is simple to sign up, good product to use for meeting the new PCI DSS 4.0.1  requirements, the dashboard is easy to use and the scanning works without having to add any coding or anything extra to your pages in order for the scanning to take place.

**What problems is SecurityMetrics solving and how is that benefiting you?**

The shopping cart monitor is helping us to monitor scripts, and headers on our pages to help detect anything malicious and to help meet PCI DSS 4.0.1 requirements

  ### 5. Independent security audit company vs Knowledge Transfer resource

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Small-Business (50 or fewer emp.)

**Reviewed Date:** July 31, 2025

**What do you like best about SecurityMetrics?**

Security Metrics QSA staff, PEN Testing and ASV staff are always willing to provide 1st hand guidance when they deem the situation to be necessary.  In a sense, Security Metrics seems to adopt our cyber-sec environment as their environment and as such, engages our staff with their cultural perspective that their standards for QA are standards that we must take to heart in the same manner as they do within their own organization - simply stated they take "ownership" of their client's welfare - a very rare quality to find in today's private sector culture.

**What do you dislike about SecurityMetrics?**

I personally wish the virtual threat analyses were available more often.  These virtual sessions are highly instructive and provide a 1st hand sense of the risk associated with most APTs today.  The high-level threat analyses that we get from our 3rd party Intel resources are good, but the Security Metrics virtual threat analyses take many of the APT threats and tend to put a very fine point on many of these international threats and how they are expanding their scope of activity.

**Recommendations to others considering SecurityMetrics:**

Please see my comments in "What do you dislike about Security Metrics?".

**What problems is SecurityMetrics solving and how is that benefiting you?**

Security Metrics is much, much more than just a highly recognized independent security assessment audit company.  More precisely, Security Metrics takes the engaging position that professional knowledge transfer from their staff to our cyber security staff is an utmost priority.  Consequently, security awareness is elevated far above what one might encounter in other business organizations that are comparable to our organization.  A great example of what we mean by "knowledge transfer" is Security Metrics' ongoing "Threat Briefings" that go a long way toward enhancing our 1st hand knowledge of the nation-state adversaries that threaten businesses of all stripes across the United States.  Also, when Security Metrics QSA perform their exit review, it is not one that is perfunctory in nature, it is one of the most value packed And for companies like ours that operate in nearly every state in the Country, that is a critical value that is numbered by the many mechanisms and constantly evolving operational traits that we have adopted over the years via Security Metrics never ending engagement efforts in the advancement of our overall cyber-sec defensive strategies.

  ### 6. Quick when urgency matters. Great Communication and a Well-Structured Portal for Easy Uploads

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Financial Services | Small-Business (50 or fewer emp.)

**Reviewed Date:** March 30, 2026

**What do you like best about SecurityMetrics?**

Great communication, and the portal is well structured for uploading all the necessary information.

**What do you dislike about SecurityMetrics?**

The cost was in line with other vendors, but since this was an unexpected expense for my business (a small business, to be clear), it was still a burden. This isn’t feedback related to SecurityMetrics.

**What problems is SecurityMetrics solving and how is that benefiting you?**

A last-minute change to our business categorization meant we suddenly needed to become PCI compliant within just a few weeks (very short notice). SecurityMetrics was able to stand up the assessment quickly, which helped us meet this requirement in time. Thank you.

  ### 7. Worth It for the Peace of Mind Alone

**Rating:** 5.0/5.0 stars

**Reviewed by:** Brandon I. | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 05, 2025

**What do you like best about SecurityMetrics?**

The human side of things. Yes, their bot does the work to detect anything malicious but their team will also investigate it and help you eliminate the issue.

**What do you dislike about SecurityMetrics?**

There is nothing that I have found to dislike.

**Recommendations to others considering SecurityMetrics:**

We only use SecurityMetrics for their Shopping Cart Monitor, but it's been well worth it. If you suspect anything strange on your cart, I highly recommend giving them a shot. They identified our issue almost immediately and have consistently stayed on top of any malicious activity since.

**What problems is SecurityMetrics solving and how is that benefiting you?**

We've been using SecurityMetrics to monitor our shopping cart, and it's been a solid layer of protection. Their bot watches for any code changes in our stack and sends alerts right away when something looks off. What really stands out is their team — they don’t just notify me, they actively help track down where the changes came from and work with me to eliminate the issue at the source. They also follow up to make sure the threat is fully resolved.

  ### 8. Efficient and Thorough

**Rating:** 5.0/5.0 stars

**Reviewed by:** Alan M. | Small-Business (50 or fewer emp.)

**Reviewed Date:** August 04, 2025

**What do you like best about SecurityMetrics?**

Their thoroughness and authority on the subject matter of PCI compliance.

**What do you dislike about SecurityMetrics?**

I don't like their software tracking platform, per-se. I realize audits are complex and there are hundreds of documents to organize and track. I also realize every company is different. I just feel like an intuitive product-minded person has not led the development or adoption of the document tracking process and the non-intuitive nature takes a lot of energy to overcome. I'm certain there is a more intuitive path for Security Metrics that will help them win and retain clients going forward. No dis to the team or process otherwise. It's just a comment on tooling.

**Recommendations to others considering SecurityMetrics:**

We shopped our bid for a PCI audit. Security Metrics wasn't the cheapest, but the scoping conversations with their team early on gave us confidence to move forward with them.

**What problems is SecurityMetrics solving and how is that benefiting you?**

We undergo annual PCI audits. Security Metrics is our auditor. This is an important part of our security framework and also sales materials as we're able to provide prospective clients our report on compliance.

  ### 9. Expert Team and Outstanding Customer Service

**Rating:** 5.0/5.0 stars

**Reviewed by:** Arturo A. | Enterprise (> 1000 emp.)

**Reviewed Date:** November 17, 2025

**What do you like best about SecurityMetrics?**

The team demonstrates a high level of expertise and consistently provides excellent customer service.

**What do you dislike about SecurityMetrics?**

I have nothing in particular to mention when it comes to dislikes.

**Recommendations to others considering SecurityMetrics:**

I strongly recommend SecurityMetrics if you are looking to meet your PCI compliance requirements.

**What problems is SecurityMetrics solving and how is that benefiting you?**

SecurityMetrics conducted an on-site assessment and thorough evaluation of all credit card processing systems, networks, e-commerce platforms, as well as related policies and procedures. Their review involved identifying potential risks of fraud, working to reduce PCI scope, improving policies and procedures for credit card processing, and creating action plans to address any vulnerabilities found.

  ### 10. PCI audit, Security Consulting, ASV, and support for SAQ A iFrame compliance

**Rating:** 5.0/5.0 stars

**Reviewed by:** John L. | Enterprise (> 1000 emp.)

**Reviewed Date:** July 23, 2025

**What do you like best about SecurityMetrics?**

They are very helpful with scope questions and are quick to jump on a call with a 3rd party service provider to help with collecting TPSP compliance documentation or reviewing TPSP compliance documentation.

**What do you dislike about SecurityMetrics?**

I honestly do not really have many dislikes.  Their pricing is good.  We have gone through multiple RFPs and they have won each time.  

If I had to have a dislike, they have multiple products, ASV, PanScan, Shopping Cart Monitor, and we use all of them.  If I have a question, knowing the most efficient way to contact the specific department would be helpful.

**Recommendations to others considering SecurityMetrics:**

Do your own research to see what company might work best for you, but I have recommended Security Metrics to others before.  I have worked with TPSPs and they might be looking for a QSA or an approved ASV scanning provider and I have told them we use Security Metrics, and we have a great relationship with them, but please do your own research and choose any ASV or QSA for your needs.

**What problems is SecurityMetrics solving and how is that benefiting you?**

Security Metrics is our QSA company for annual PCI compliance audit.  They also help with one-off PCI security questions, ASV scanning, and product support for SAQ A iFrame merchant compliance.  We have a long-standing relationship.  We have been working with Security Metrics for many years for annual compliance and through their guidance we have also reduced scope and increased our security posture.  

They are a trusted partner.  They are very knowledgeable and offer good advice.

  ### 11. Reliable support for staying PCI compliant

**Rating:** 4.5/5.0 stars

**Reviewed by:** Clive B. | Small-Business (50 or fewer emp.)

**Reviewed Date:** July 30, 2025

**What do you like best about SecurityMetrics?**

SecurityMetrics consistently makes PCI compliance easy to understand and navigate. Their team is professional, highly knowledgeable, and always quick to respond when we have questions or need assistance. The peace of mind they provide by staying on top of evolving compliance standards is invaluable to our business operations.

**What do you dislike about SecurityMetrics?**

There’s very little to criticise, but the extra cost to the forensic services and stress testing impacts your bottom line.

**Recommendations to others considering SecurityMetrics:**

If PCI compliance is essential to your business, SecurityMetrics is the best choice. They are calm and help you through the endless PCI requirements.

**What problems is SecurityMetrics solving and how is that benefiting you?**

SecurityMetrics helps ensure our business remains PCI compliant with minimal confusion or disruption. Their expert guidance simplifies a complex and often intimidating process, which is essential in maintaining trust with our customers and our payment provider.

  ### 12. Thorough, Professional, and Human-Centered Penetration Testing

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 13, 2025

**What do you like best about SecurityMetrics?**

Their team is professional, respectful, and collaborative. They honor the rules of engagement, communicate clearly, and approach the work as a true partnership rather than just running tools and sending raw output. The final report was clearly written by a human expert: well-organized, insightful, and free from the generic, bloated format that’s common with automated-only assessments. I also appreciated their responsiveness and flexibility when it came to retesting timelines. We also chose SecurityMetrics because it allowed us to have both our penetration testing and ASV vulnerability scanning handled under one roof.

**What do you dislike about SecurityMetrics?**

Our experience was very positive. No critical feedback to offer.

**What problems is SecurityMetrics solving and how is that benefiting you?**

SecurityMetrics provides our organization with a reliable, independent assessment of our security posture through thorough penetration testing. Their approach helps us identify vulnerabilities that automated scans might miss, while also validating that our defenses are working as intended. This not only strengthens our security but also supports compliance and builds confidence for our stakeholders. The benefit is a clear, actionable roadmap to remediation without unnecessary noise or irrelevant findings.

  ### 13. PCI Audit

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Supermarkets | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 01, 2025

**What do you like best about SecurityMetrics?**

We had a 12 month contract to complete the audit. It was apparent we would not make that timeframe so Security Metrics agreed to work with us an additional 6 months at no additional charge. The Security Metrics auditor that did our onsite audit has been very helpful and informative.

**What do you dislike about SecurityMetrics?**

This was the very first time that our company had to go through a PCI audit. Since this was our first audit, it would probably have been incumbent on Security Metrics to stress that we might need the services of a PCI consultant to assist us in satisfying the requirements of the audit.

**Recommendations to others considering SecurityMetrics:**

Very professional and competent company. I had pulled various documents and forms from their website for years in a previous job, this is my first experience actually working with them. I do have some frustrations with the audit process in general, but Security Metrics does not control the process. I found Security Metrics to be very easy to work with. If you have never been through an audit before, Security Metrics provides templates that provide a starting point for you in gathering the required documents and putting required processes in place. If this is your first audit, you might consider hiring a PCI consultant that can work with you and Security Metrics in order to satisfactorily complete your audit.

**What problems is SecurityMetrics solving and how is that benefiting you?**

PCI Audit required by Visa/Mastercard

  ### 14. Preferred partner for penetration testing and PCI compliance

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Consulting | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 05, 2025

**What do you like best about SecurityMetrics?**

I like the responsiveness of Security Metrics staff.
I like the tools they provide to us and our clients for penetration testing coordination and PCI compliance management.
I like the free 90-day retest for penetration testing, providing our firm and our clients ample time to remediate penetration test findings and obtain a clean report at no additional charge.

**What do you dislike about SecurityMetrics?**

Some of our clients have complained of being targeted with misleading marketing emails for other services after contracting Security Metrics for penetration testing.

**Recommendations to others considering SecurityMetrics:**

If you are engaging Security Metrics for penetration testing, make sure to follow the test prep instructions including whitelisting of Security Metrics scanning IP addresses. This will ensure smooth and complete execution of your penetration test without unnecessary fire drills or limiting testing scope due to interference from your IDS/IPS.

**What problems is SecurityMetrics solving and how is that benefiting you?**

Our consulting firm partners with Security Metrics to provide our clients penetration testing services and PCI DSS related tools and services.

  ### 15. SecurityMetrics is our all-in-one vendor for PCI compliance

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Accounting | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 11, 2025

**What do you like best about SecurityMetrics?**

I like that they take care of all of our PCI needs. We don't have to work with multiple vendors to complete our annual tasks and audit.

**What do you dislike about SecurityMetrics?**

It would be great if the evidence collection platform integrated with our GRC.

**Recommendations to others considering SecurityMetrics:**

I recommend considering SecurityMetrics for your internal and external pen tests, vulnerability scan, and audits. Their vulnerability scans can be scheduled, and our customer service rep reaches out when it's time for our pen tests and audit. I don't have to worry about missing a date, or getting behind.

**What problems is SecurityMetrics solving and how is that benefiting you?**

onPhase's AR product must maintain Level 1 PCI compliance. SecurityMetrics handles our PCI penetration tests, vulnerability scans, and our annual audit. Their platform for evidence collection is easy to use and helps streamline the process. We've had the same auditor for many years which just makes the audit process that much smoother since he already knows our business.

  ### 16. Director of GRC, I have been a QSA, HITRUST certified and I complete ISO 27001 and SOC audits.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.)

**Reviewed Date:** February 06, 2026

**What do you like best about SecurityMetrics?**

Their patience and professionalism.  They also work with you closely.

**What do you dislike about SecurityMetrics?**

There is nothing to dislike at this moment (and I've been working with them for 3 years).

**Recommendations to others considering SecurityMetrics:**

They are cost effective and know their stuff

**What problems is SecurityMetrics solving and how is that benefiting you?**

Annual PCI audit.  SecurityMetrics completes 3 PCI audits for our organization a year

  ### 17. PCI Level 2 compliance with QSA - awesome experience with SecurityMetrics!

**Rating:** 5.0/5.0 stars

**Reviewed by:** Jiri H. | Small-Business (50 or fewer emp.)

**Reviewed Date:** September 23, 2025

**What do you like best about SecurityMetrics?**

David Page from SecurityMetrics did a great job - very professional, reliable, thorough, super helpful. The project went smooth.

**What do you dislike about SecurityMetrics?**

N/A. Nothing could be done better. Super satisfied.

**Recommendations to others considering SecurityMetrics:**

SecurityMetrics is THE company you're looking for. Our PCI Level 2 compliance renewal with QSA was done within a month. No issues, can highly recommend. I just wish we had more partners like SecurityMetrics and David Page :)

**What problems is SecurityMetrics solving and how is that benefiting you?**

PCI Level 2 yearly compliance renewal with Qualified Security Assessor (QSA).

  ### 18. Great Security Partner

**Rating:** 5.0/5.0 stars

**Reviewed by:** Jeff H. | Chief Technology Officer, Small-Business (50 or fewer emp.)

**Reviewed Date:** July 18, 2025

**What do you like best about SecurityMetrics?**

Reliability and deep expertise. Over the past decade, they've been a consistent partner through PCI DSS audits, penetration tests, and ASV scanning. Their auditors are knowledgeable and collaborative, and always have good recommendations.

**What do you dislike about SecurityMetrics?**

One penetration test wasn't as thorough as I expected. The company redid the test.

**Recommendations to others considering SecurityMetrics:**

Their team brings deep knowledge of PCI DSS, real-world penetration testing, and ASV scanning. They take a collaborative approach, explaining issues clearly and offering practical remediation guidance. We've gone through multiple audits and tests with them, and they’ve always been thorough, professional, and easy to work with.

**What problems is SecurityMetrics solving and how is that benefiting you?**

They have provided us with PCI DSS Audits, ASV Scanning, and Penetration Tests

  ### 19. SecurityMetrics is a great partner in pursuing PCI compliance.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Fund-Raising | Mid-Market (51-1000 emp.)

**Reviewed Date:** November 13, 2025

**What do you like best about SecurityMetrics?**

They offer a variety of services to help achieve PCI compliance, they provide great information about compliance requirements, and the project management process is very smooth.

**What do you dislike about SecurityMetrics?**

I haven't yet found anything that I dislike.

**Recommendations to others considering SecurityMetrics:**

I think they are very thorough, are easy to work with, and provide great documentation.

**What problems is SecurityMetrics solving and how is that benefiting you?**

They are conducting application pen testing for PCI compliance. 

This testing helps us meet mandatory PCI CSS requirements, identify real exploitable vulnerabilities, validate security controls, and reduce breach risk and financial impact resulting from a tarnished brand.

  ### 20. Amazing work!

**Rating:** 5.0/5.0 stars

**Reviewed by:** Jasmine M. | Enterprise (> 1000 emp.)

**Reviewed Date:** July 21, 2025

**What do you like best about SecurityMetrics?**

The communication! I love that I can send an email with a request or question and they are so fast to respond and get back to me. I love it!

**What do you dislike about SecurityMetrics?**

Nothing honestly, no complaints. Communication and everything is great!

**Recommendations to others considering SecurityMetrics:**

Do it! Their team is so helpful and dedicated to helping their clients. I never worry about our PCI assessment because I know they are on it and they will be there every step of the way.

**What problems is SecurityMetrics solving and how is that benefiting you?**

SecurityMetrics is helping our University with our PCI compliance and helping to complete our assessment with us each year. They have been a tremendous help and resource.

  ### 21. Extremely Knowledgeable Team That Makes PCI Audits Run Smoothly

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Small-Business (50 or fewer emp.)

**Reviewed Date:** January 21, 2026

**What do you like best about SecurityMetrics?**

They’re extremely knowledgeable, and they make our PCI audit run smoothly.

**What do you dislike about SecurityMetrics?**

I honestly can’t think of anything I dislike about it.

**What problems is SecurityMetrics solving and how is that benefiting you?**

We’ve been using SecurityMetrics for both our PCI audit and PEN Tests, along with their Shopping Cart Monitor tool, which helps us stay on top of PCI requirements.

  ### 22. Security Metrics and Jessica

**Rating:** 5.0/5.0 stars

**Reviewed by:** Joe H. | Small-Business (50 or fewer emp.)

**Reviewed Date:** September 29, 2025

**What do you like best about SecurityMetrics?**

Their communication and help during all of the scans.

**What do you dislike about SecurityMetrics?**

Penetration testing isn't easy. The first time we had to have our server team help install the beacon.

**Recommendations to others considering SecurityMetrics:**

Call Jessica, she is easy to speak with and very efficient with your time to solve the goals you have in mind.

**What problems is SecurityMetrics solving and how is that benefiting you?**

Security Metrics is filling a need for Penetration testing, shopping cart monitor, and PCI compliance.

  ### 23. SecurityMetrics was very professional in working to define our PCI audit and meet our budget.

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Restaurants | Small-Business (50 or fewer emp.)

**Reviewed Date:** August 07, 2025

**What do you like best about SecurityMetrics?**

They have deep knowledge of the PCI compliance regulations and were able to look at our system architecture and infrastructure and quickly assess what tests and audits need to be performed.  They are also very accommodating to our timeline.

**What do you dislike about SecurityMetrics?**

I can't think of anything so far.  We just had the kickoff and that was really great.

**Recommendations to others considering SecurityMetrics:**

If you are looking for a company with expertise in PCI audits and with the flexibility to meet your specific needs, SecurityMetrics is a great option.

**What problems is SecurityMetrics solving and how is that benefiting you?**

They will be conducting our annual PCI audit which is required for us to continue processing credit card payments through our system.  This is a large project and having SecurityMetrics manage the tasks and perform the audit saves us a lot of time.

  ### 24. SecurityMetrics was a great company to work with and we look forward to working with them again.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Vernon M. | Small-Business (50 or fewer emp.)

**Reviewed Date:** September 10, 2025

**What do you like best about SecurityMetrics?**

The staff at SecurityMetrics was great to work with.

**What do you dislike about SecurityMetrics?**

We experienced NO downsides and had NO issues.

**What problems is SecurityMetrics solving and how is that benefiting you?**

We are a small business that provides support services to Private Physician Groups.  Having access to confidential information requires us to ensure that our networks and systems are secure.  We contracted with SecurityMetrics to perform External Penetration Testing to help ensure that our data is safe.

  ### 25. Providing the expertise that our small team lacks

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Civic & Social Organization | Small-Business (50 or fewer emp.)

**Reviewed Date:** July 31, 2025

**What do you like best about SecurityMetrics?**

The tools are easy to use and affordable. While there are other options available through other vendors that are much more sophisticated with enhanced features, they are beyond what we needed and cost prohibitive.

**What do you dislike about SecurityMetrics?**

There was a minimum number of hours we could purchase for consulting services which was more than we needed. It would have been nice if a straight pay-as-you-go hourly rate could have been arranged instead.

**What problems is SecurityMetrics solving and how is that benefiting you?**

We have retained QSA experts from SecurityMetrics to help advise us on our self-attestation and updates needed for the latest version of PCI standards. In addition to being an advisor, we have also been happy with the software services we have purchased from them to support our certification requirements.

  ### 26. SecurityMetrics.com QSA Service Review

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Hospital & Health Care | Enterprise (> 1000 emp.)

**Reviewed Date:** August 05, 2025

**What do you like best about SecurityMetrics?**

The SecurityMetrics QSAs are engaging and assistive.  Their efforts to schedule remote or onsite visits while accommodating business needs are truly appreciated.

**What do you dislike about SecurityMetrics?**

QSA resources are available on a first come first served basis so prior planning is mandatory to continuously engage with the same QSA.

**Recommendations to others considering SecurityMetrics:**

Consider conducting a gap analysis prior to engaging a QSA for a PCI DSS assessment so that you are aware of the current expectations/requirements.

**What problems is SecurityMetrics solving and how is that benefiting you?**

The external Payment Card Industry (PCI) Qualified Security Assessor (QSA) services have significantly increased my ability to internally support cardholder data environment analyses throughout our organization.  The lessons learned, industry knowledge, and peer information sharing provided by QSAs from SecurityMetrics are invaluable.

  ### 27. SecurityMetrics Makes PCI Compliance Easier

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Health, Wellness and Fitness | Mid-Market (51-1000 emp.)

**Reviewed Date:** July 30, 2025

**What do you like best about SecurityMetrics?**

The integrated platform for vulnerability scans, network segmentation, and SAQ management makes the entire PCI compliance process feel cohesive and less stressful.

**What do you dislike about SecurityMetrics?**

Some vulnerability scanning settings aren’t available for self-configuration in the portal, so we have to contact support to make changes—this adds extra steps and can delay our workflow.

**Recommendations to others considering SecurityMetrics:**

Make sure to explore all their services—especially if you need both vulnerability scanning and SAQ guidance. Their bundled offerings can save you time and keep everything organized in one place.

**What problems is SecurityMetrics solving and how is that benefiting you?**

SecurityMetrics helps us manage the full PCI compliance lifecycle—from vulnerability scans and segmentation testing to completing the Self-Assessment Questionnaire (SAQ)—saving us significant time and reducing compliance risk.

  ### 28. Security Metrics has been wonderful to work with.

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Marketing and Advertising | Enterprise (> 1000 emp.)

**Reviewed Date:** August 12, 2025

**What do you like best about SecurityMetrics?**

They are knowledgeable about PCI and are wonderful about clarifying PCI requirements so that we can meet our compliance goals.

**What do you dislike about SecurityMetrics?**

Returning pen test hardware can take a bit of work sometimes.

**What problems is SecurityMetrics solving and how is that benefiting you?**

Security Metrics has done our PCI assessments and penetration testing for several years and we have had a wonderful working relationship with them.  They have also helped with PCI questions between assessments so we have been able to avoid issues before they caused issues with our PCI certification.  Their auditors are wonderful to work with and are willing to clarify any issues they find so they can be remediated.

  ### 29. Exceptional Service and Communication, Top-Notch QSA

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Financial Services | Small-Business (50 or fewer emp.)

**Reviewed Date:** December 09, 2025

**What do you like best about SecurityMetrics?**

Very easy to work with and very communicative.  Best thing is the QSA that we've been working with for several years.  Top notch.

**What do you dislike about SecurityMetrics?**

Nothing I can think of.  They do a great job for our company.

**Recommendations to others considering SecurityMetrics:**

NA

**What problems is SecurityMetrics solving and how is that benefiting you?**

Maintain our PCI compliance.

  ### 30. PCI audit

**Rating:** 4.5/5.0 stars

**Reviewed by:** Zoltan V. | Enterprise (> 1000 emp.)

**Reviewed Date:** October 10, 2025

**What do you like best about SecurityMetrics?**

responsiveness, the QSA's willingness to educate and drive the actual understanding of the process

**What do you dislike about SecurityMetrics?**

that they are located in the USA!
Not much else I can highlight

**What problems is SecurityMetrics solving and how is that benefiting you?**

PCI-DSS certification

  ### 31. PayForward has had a very positive experience with SecurityMetrics as our PCI Assessor

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Financial Services | Small-Business (50 or fewer emp.)

**Reviewed Date:** August 09, 2025

**What do you like best about SecurityMetrics?**

The SM PCI auditor is very skilled at explaining what is required, how the requirements meet PCI standards and why they are important, and in exploring threat scenarios, suggesting multiple approaches to meet PCI requirements, and even suggesting solutions that exceed PCI requirements.

**What do you dislike about SecurityMetrics?**

There is nothing our team dislikes about SecurityMetrics.

**Recommendations to others considering SecurityMetrics:**

PayForward recommends SecurityMetrics for PCI assessment services without hesitation. We also recommend their vulnerability scanning services as our ASV provider.

**What problems is SecurityMetrics solving and how is that benefiting you?**

SecurityMetrics assists PayForward in preparedness for annual PCI assessments and completing the assessments in a well-organized, fair and systematic manner.

  ### 32. SecurityMetrics Satisfaction

**Rating:** 5.0/5.0 stars

**Reviewed by:** Dirk W. | Mid-Market (51-1000 emp.)

**Reviewed Date:** July 23, 2025

**What do you like best about SecurityMetrics?**

They are established in the industry and provide us with what we need.

**What do you dislike about SecurityMetrics?**

There is nothing that I dislike about Security Metrics.

**Recommendations to others considering SecurityMetrics:**

I would give them a try to see if you can be as happy as we have been.

**What problems is SecurityMetrics solving and how is that benefiting you?**

They have provided a Penetration Test for us annually and we plan to continue using them in the future.

  ### 33. SecurityMetrics has been wonderful to work with

**Rating:** 5.0/5.0 stars

**Reviewed by:** Mark S. | Enterprise (> 1000 emp.)

**Reviewed Date:** July 18, 2025

**What do you like best about SecurityMetrics?**

SecurityMetrics representatives are excellent at communication, knowledgeability, response times, and project ownership.

**What do you dislike about SecurityMetrics?**

The website could be a little more intuitive in a few areas.

**Recommendations to others considering SecurityMetrics:**

Listen to Jen Stone's podcast ("The SecurityMetrics Podcast"). It's a great resource to help understand the depth of knowledge and resources their organization has.

**What problems is SecurityMetrics solving and how is that benefiting you?**

SecurityMetrics performs our annual PCI Compliance assessment and also our ASV scans

  ### 34. Excellent and kind customer service, very quick response times

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Financial Services | Small-Business (50 or fewer emp.)

**Reviewed Date:** September 29, 2025

**What do you like best about SecurityMetrics?**

Everyone I've encountered there has been helpful, knowledgeable, and kind.

**What do you dislike about SecurityMetrics?**

There isn't anything I dislike about SecurityMetrics.

**Recommendations to others considering SecurityMetrics:**

It's a great one-stop-shop option to fit multiple needs for us.

**What problems is SecurityMetrics solving and how is that benefiting you?**

Security Metrics helped us solve our quarterly scans, penetration testing needs, PCI requirements via the shopping cart monitor, and has made the PCI DSS SO much easier to complete with the digital format.

  ### 35. Great price for a great product

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 05, 2025

**What do you like best about SecurityMetrics?**

They cater to your needs and budgets, are responsive, and have a great team.

**What do you dislike about SecurityMetrics?**

We've had some issues with contracts in the past and their terms are not negotiable for smaller companies so you get what you get with them.

**What problems is SecurityMetrics solving and how is that benefiting you?**

We've used SecurityMetrics for several things including an incident response retainer, tabletop testing, and PCI compliance scanning.  Their pricing model is fair and the results are great.  They can do high level things or down in the trenches and have solutions to fit all budgets.

  ### 36. Great experience with SecurityMetrics

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 05, 2025

**What do you like best about SecurityMetrics?**

Being able to schedule the recurring scans and knowing we will get a prompt response if we reach out to the team for anything.

**What do you dislike about SecurityMetrics?**

We had a small snafu with billing when we first kicked off with them but their team worked quickly to resolve it.

**What problems is SecurityMetrics solving and how is that benefiting you?**

SecurityMetrics handles our Vulnerability Scanning. Their platform is user friendly (easy to navigate, easy to use). We are able to schedule recurring scans which was a game changer for us. Their team is responsive, friendly, and so helpful.

  ### 37. Director of Restaurant Implementations and Support

**Rating:** 5.0/5.0 stars

**Reviewed by:** Javier G. | Mid-Market (51-1000 emp.)

**Reviewed Date:** July 30, 2025

**What do you like best about SecurityMetrics?**

They are always available to assist when needed.

**What do you dislike about SecurityMetrics?**

They can be a bit pricey, but you get what you pay for.

**What problems is SecurityMetrics solving and how is that benefiting you?**

They are performing my SAQ to ensure that I remain PCI Compliant.

  ### 38. Great Partner!

**Rating:** 5.0/5.0 stars

**Reviewed by:** Joshua C. | Mid-Market (51-1000 emp.)

**Reviewed Date:** July 23, 2025

**What do you like best about SecurityMetrics?**

Support and Products are Fantastic and easy to work with.

**What do you dislike about SecurityMetrics?**

There is nothing that I dislike about our relationship.

**Recommendations to others considering SecurityMetrics:**

Get a full list of services they can offer

**What problems is SecurityMetrics solving and how is that benefiting you?**

Internal Security Scans, External Pen Testing, PCI Compliance

  ### 39. Have used Security Metrics services for several years and we have been very satisfied

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Financial Services | Small-Business (50 or fewer emp.)

**Reviewed Date:** July 22, 2025

**What do you like best about SecurityMetrics?**

Responsive, knowledgeable and thorough when carrying out the assessments

**What do you dislike about SecurityMetrics?**

I don't have anything specific to suggest

**Recommendations to others considering SecurityMetrics:**

As with any other audit, it is important to be organised and have policies and procedures documented ready for the audit to begin. We always try to have all documents and evidence uploaded to the audit portal prior to the audit onsite.

**What problems is SecurityMetrics solving and how is that benefiting you?**

We use SM for PCI-DSS and PCI-3DS security assessments

  ### 40. Great QSA and Trusted Expert

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Financial Services | Enterprise (> 1000 emp.)

**Reviewed Date:** July 29, 2025

**What do you like best about SecurityMetrics?**

Our QSA is very knowledgeable and helpful.  He is always willing to jump on a call to walk through a question and provide guidance.

**What do you dislike about SecurityMetrics?**

I do not have any concerns at this time.

**Recommendations to others considering SecurityMetrics:**

I highly recommend Security Metrics!  They have been great to work with and are professional and knowledgeable.

**What problems is SecurityMetrics solving and how is that benefiting you?**

We use Security Metrics to help ensure PCI compliance

  ### 41. Easy to navigate

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Retail | Mid-Market (51-1000 emp.)

**Reviewed Date:** July 23, 2025

**What do you like best about SecurityMetrics?**

Easy to navigate and the need with help is readily available.

**What do you dislike about SecurityMetrics?**

Sometimes navigating through the screens for what has and has not been completed.

**Recommendations to others considering SecurityMetrics:**

Contains all information to complete SAQ's

**What problems is SecurityMetrics solving and how is that benefiting you?**

Getting our departments the information and help they need to be compliant.

  ### 42. PCI-DSS certification for financial industry.

**Rating:** 3.5/5.0 stars

**Reviewed by:** Sambit M. | Lead Software Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** September 27, 2023

**What do you like best about SecurityMetrics?**

As PCI compliance requires continuous monitoring and maintenance, the best part of SecurityMetrics is ongoing monitoring.

**What do you dislike about SecurityMetrics?**

Vulnerability scanning can be better as current scan does not cover all types of scanning.

**What problems is SecurityMetrics solving and how is that benefiting you?**

Analyzing the gap for PCI-DSS.

  ### 43. SecurityMetrics

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Health, Wellness and Fitness | Small-Business (50 or fewer emp.)

**Reviewed Date:** April 20, 2018

**What do you like best about SecurityMetrics?**

Security Metrics is a great program. It is easy to use and permits compliance to HIPAA and securing confidential information. 

**What do you dislike about SecurityMetrics?**

There was nothing that I did not like. Overall great program. 

**What problems is SecurityMetrics solving and how is that benefiting you?**

credit card processing/confidentiality of patient information. 


## SecurityMetrics Discussions
  - [What is SecurityMetrics PCI Compliance used for?](https://www.g2.com/discussions/what-is-securitymetrics-pci-compliance-used-for)


## SecurityMetrics Features
**Planning**
- Needs Assessment
- Resource Allocation
- Stayed within Budget
- Statement of Work
- Best Practices

**Agentic AI - Penetration Testing**
- Autonomous Task Execution
- Multi-step Planning
- Adaptive Learning
- Natural Language Interaction

**Delivery**
- Technical Expertise
- Met Deadlines
- Meeting Management
- Project Updates
- Scope Management
- Roll-out

**Team Quality**
- Change Management Skills
- Executive Presence
- Vertical Expertise
- Technology Partnerships

## Top SecurityMetrics Alternatives
  - [Insight Assurance](https://www.g2.com/products/insight-assurance/reviews) - 4.8/5.0 (134 reviews)
  - [SHI](https://www.g2.com/products/shi/reviews) - 4.7/5.0 (116 reviews)
  - [Johanson Group](https://www.g2.com/products/johanson-group/reviews) - 4.9/5.0 (104 reviews)

