ControlCase is a United States-based company headquartered in Fairfax, Virginia, with offices in North America, Europe, Asia/Pacific, and the Middle East. The company provides Compliance as a Service (CaaS) and specializes in IT governance, risk management, and compliance management (IT-GRCM) solutions. The company focuses primarily on PCI DSS compliance services and holds certifications as an Approved Scanning Vendor (ASV) and PCI DSS Qualified Security Assessor (QSA), and provides PA DSS and P2PE certifications. ControlCase has experience across all aspects of the card business, including acquiring and issuing sides, and works with member card organizations like VISA/MasterCard, member banks, third-party processors, ISOs, DSEs, IPSPs, and BPOs/KPOs. ControlCase offers compliance and assessment services for multiple regulatory frameworks and standards including PCI DSS, ISO 27001/2, SOX, GLBA, HIPAA, FISMA, COBIT, BITS SIG/AUP, J-Sox, and TG3. Their service portfolio includes compliance certifications, vendor risk management, on-site assessments, network security and vulnerability assessments, penetration testing, web and application security assessments, wireless and communications security assessments, and policy and procedure development. The company serves organizations of various sizes, including large, medium, and small companies, as well as federal and state government agencies. ControlCase employs professionals with backgrounds from Big4 audit firms and Fortune 500 companies, providing audit, compliance, and risk management expertise through managed compliance solutions supported by software products and hardware appliances.