Prerequisites
Before you begin, ensure you have:
- A Kliper account (sign up at app.kliper.io using email, Google, GitHub, or Microsoft)
- Your QSA firm details (company name, address, website)
- At least one client’s basic information (company name, primary contact)
Step 1 — Create Your Organization
Your Organization is the top-level workspace for your QSA firm. All clients, engagements, assessments, team members, and files live within it.
Navigate to Onboarding
After signing in for the first time, you are directed to the onboarding screen. If you already have an account, navigate to Settings > Organization to view your workspace.
Enter Organization Details
Fill in the following fields:
| Field | Description | Example |
|---|---|---|
| Organization Name | Your QSA firm or team name | Acme Security Assessors |
| Workspace Slug | URL-friendly identifier (auto-generated from name, editable) | acme-security |
| Framework | Pre-selected to PCI DSS 4.0 (locked) | PCI DSS 4.0 |
The slug must be lowercase, alphanumeric with hyphens only, and at least 3 characters.
Each user can belong to one active organization. If your firm has multiple divisions, each operates as a separate organization with its own data isolation.
Step 2 — Add Your First Client
A Client represents the merchant or entity you are assessing. Client records carry PCI-relevant context through every engagement.
Open the Engagement Hub
From the left sidebar, navigate to Engagement Hub. This is your central dashboard for managing clients and engagements.
Click New Client
Click the + New Client button in the top-right corner. The Create Client dialog opens.
Enter Client Details
At minimum, enter the Client Name. For a more complete setup, fill in:
| Field | Purpose |
|---|---|
| Company Name | Legal entity name (appears in the ROC) |
| Industry | Classification (e.g., Retail, Financial Services, Healthcare) |
| Primary Contact | Name, email, and phone of your main point of contact |
| Address | Mailing address for the assessed entity |
PCI-specific fields (Merchant Level, Annual Transaction Volume, Acquirer Name) can be filled now or later from the client profile.
Step 3 — Create a Letter of Engagement (LOE)
The LOE defines the contractual scope, timeline, and financial terms for the assessment engagement. Every assessment must belong to an LOE.
Open the Client Profile
In the Engagement Hub, click on your client’s name to open their profile page.
Fill in Core Fields
The essential fields to get started are:
| Field | Required | Description |
|---|---|---|
| Title | Yes | Descriptive name (e.g., “2026 Annual PCI DSS ROC”) |
| Start Date | Yes | Engagement start date |
| End Date | Yes | Engagement end date |
| Contract Value | No | Total engagement fee |
The platform auto-generates a unique LOE Number (e.g., LOE-2026-001).
Set Milestone Dates (Optional)
Expand the Timeline section to define key project milestones:
- Kickoff Date
- Onsite Start / End Dates
- Draft Report Date
- Remediation Window (Start / End)
- QA Review Window (Start / End)
- Final Report Date
Step 4 — Launch an Assessment
The Assessment is where the actual PCI DSS evaluation happens. Creating one loads the full set of 200+ testing procedures into the workbench.
Complete the Wizard
The wizard walks you through 5 steps:
- Assessment Type & Framework — Select the assessment type. The framework is pre-set to PCI DSS 4.0.1.
- Basic Info — Enter a name and optional description.
- Due Date & Owner — Set the target completion date and assign a lead assessor.
- Collaborators — Search and add team members who will work on the assessment.
- Review & Create — Confirm all details and click Create.
Step 5 — Navigate the Assessment Workbench
The workbench opens with a three-panel layout:
| Panel | Location | What You See |
|---|---|---|
| Section Tree | Left | All 12 PCI DSS principal requirements in a collapsible hierarchy |
| Question Panel | Center | Testing procedures, reporting instructions, and answer fields for the selected requirement |
| Context Panels | Right | Cortex AI, Attachments, Comments, Collaborators, Gap Assessment, Audit Trail |
Select a Requirement
In the Section Tree, expand a requirement group (e.g., Requirement 1 — Network Security Controls) and click a sub-requirement to load it in the center panel.
Answer Testing Procedures
Each requirement presents its testing procedures. Type your assessor response in the structured fields provided.
Set the Finding Status
Select the assessment finding for each requirement:
- In Place — requirement is fully met
- Not Applicable — does not apply to the assessed environment
- Not Tested — requirement was not evaluated
- Not in Place — requirement is not met
Upload Evidence
Open the Attachments panel on the right side. Drag and drop evidence files (PDFs, screenshots, configuration exports) directly into the upload area. Files are automatically scanned for malware and hashed for integrity.
What’s Next
With your first assessment open, you are ready to begin the evaluation. Here are the recommended next steps:
Evidence Management
Learn how to upload, tag, and validate evidence files.
Client & Engagement Management
Complete your client profile and LOE with scope, financials, and milestone details.
Gap & Risk Analysis
Monitor assessment progress with real-time gap and risk dashboards.
User Management & RBAC
Invite team members and configure access roles.