Internal Scans: Internal scans must be performed from inside the organization’s network from multiple locations to know about the security system within the card holder data environment. These scans will point out flaws and will give you a review of your internal security that might get exploit by attackers, once they get their hands on it.
When is a PCI Scan required? PCI scan must at least be performed on quarterly basis. To make the system extra secure the quarterly scans should be supplemented with scans in between quarters; other than this, it is necessary to perform scans whenever any changes are made to the card holder data system.