PCI (PCI DSS) Consultancy Services

Whether your organisation is a merchant or a service provider, our QSAs and PCI DSS experts can help you to improve your cyber security and comply with the contractual requirements of the PCI DSS in the shortest timeframe and for the minimum cost.

Discover how our PCI consultants can help your PCI project, email us or call +44 (0) 845 070 1750 today.

PCI compliance and assessment products and services

Download our PCI brochure to discover our all-encompassing PCI business solutions.


QSA services

As a certified QSA company, we offer PCI compliance audits led by our QSA. We have a team of supporting consultants who are experts on PCI DSS issues including scoping and gap analysis. Merchants and service providers that are required to use a certified QSA can take advantage of IT Governance’s services. Find out more here.

PCI DSS consultancy support

The path to PCI DSS compliance can be daunting to those who have little or no knowledge of the Standard. IT Governance consultants can produce a structured framework, agreed from the outset with your organisation, which ensures effective use of in-house resources as well as expenditure control. IT Governance is ideally positioned to provide assistance in the compliance process, relieving pressure while enabling organisations to continue business operations effectively.

Before commencing the PCI DSS process, it is worth noting that, in addition to its PCI DSS expertise, IT Governance has an extensive history of ISO/IEC 27001 implementation. Mapping ISO 27001 to the PCI DSS should be given serious consideration at an early stage.

Key stages of the PCI DSS consultancy project


Evaluate your current business processes

IT Governance can evaluate and suggest alternative processes for your business to reduce resources and expenditure during the compliance process. For example, all too often organisations store cardholder data for convenience, not for business purposes. A consultant may, if business practices permit, advise against storing cardholder data, therefore immediately eliminating Requirement 3 of the Standard – “Protect stored cardholder data”.

PCI DSS scoping and gap analysis

The gap analysis stage compares where your organisation currently stands to where it needs to be in order to meet the full requirements of the Standard. We will also identify where cardholder data is stored, processed or transmitted within your environment (mapping out your cardholder data flows). This process will identify your cardholder data environment (CDE), your ‘scope’ for PCI DSS compliance. At this early stage we can work with you to reduce the scope, ultimately resulting in reduced resources and expenditure.

Implementation and remediation

Following the gap analysis stage, IT Governance can assist in the design and implementation of an internal PCI DSS project team within your organisation, which will ultimately be responsible for undertaking the remediation work to achieve compliance. This will save you having to contract external remediation consultants. Of course, IT Governance can be on hand to attend regular checkpoint meetings to ensure that the project remains focused and on track. We can also provide support with the creation of the relevant documentation required for compliance (e.g. policies and procedures).

Penetration testing

IT Governance provides a wide range of penetration testing packages to suit the needs – and budgets – of organisations of all types and sizes, as well as the PCI DSS compliance requirements of merchants and service providers.

Service level agreements (SLAs) with service providers

All merchants must ensure that their service providers are PCI DSS-compliant, or are at least working towards compliance. Merchants are frequently subject to breach investigations because of the inadequacies of their service providers (e.g. web hosting companies), whose failure to comply with the PCI DSS places the merchant in a vulnerable position and open to fraudulent activity. IT Governance will ensure your organisation fully understands both your own and your service providers’ responsibilities, reducing and managing risks to decrease the likelihood of a breach.

PCI compliance audit and Report on Compliance (ROC)

IT Governance will undertake a QSA audit to conduct a thorough assessment of the controls you have implemented and to establish whether they meet the requirements of the PCI DSS.

Validation: Self-Assessment Questionnaire

Merchants (levels 2, 3, and 4) and service providers (level 3) must self-evaluate their compliance with the PCI DSS by completing a self-assessment questionnaire. All too often, merchants and service providers do not fully understand the intent of the PCI DSS requirements, leading to an inaccurate SAQ result. IT Governance PCI DSS experts fully understand each requirement, enabling a swift and comprehensive completion of the SAQ.

PCI DSS Training

IT Governance’s experienced PCI DSS trainers can tailor courses for your specific requirements. We can deliver bespoke training for absolute beginners to the Standard and more in-depth group involvement training, where we will evaluate all your individual requirements and ascertain how you can implement measures in your specific environment to become compliant.

IT Governance also offers public courses on PCI DSS compliance that examine the drivers and need for adoption of the Standard, and how best to go about achieving compliance to serve both the requirements of the PCI DSS and your business objectives.

Why use IT Governance?

Selecting the best Qualified Security Assessor (QSA) is critical. The right QSA can help identify and address security risks successfully, while meeting your organisation’s needs and budget.

  • As an approved QSA company, IT Governance adheres to a number of rigorous business and technical requirements as specified by the PCI SSC.
  • Our extensive expertise in PCI and ISO 27001 means we can help you cost-effectively integrate your ISMS with other security frameworks.
  • Our ability to translate concepts into business terms sets us apart from the rest.
  • We deliver a cost-effective route to compliance: no organisation is too big or too small – we can help organisations of any size or budget.
  • We offer a comprehensive security solution due to our extensive ISO 27001, PCI, penetration testing and business continuity management/disaster recovery expertise.
  • We can provide you with products and support to ‘do it yourself’, with our PCI documentation toolkits, guides, publications, training and staff awareness courses.
  • We possess deep technical knowledge and information security expertise.
  • Our advice is independent and unbiased: we are not affiliated with software providers, and we leverage your existing technology where possible.
  • As a CREST member company, IT Governance has been verified as meeting the rigorous standards mandated by CREST. Clients can rest assured that the work will be carried out to rigorous standards by qualified and knowledgeable individuals.
  • We offer fixed-price as well as bespoke penetration testing services, enabling you to easily select the solution appropriate to your needs and budget.

Whatever your PCI DSS consultancy support requirements, we are just a phone call away.

Email us, asking for PCI QSA audit services, PCI DSS Training or PCI DSS Consultancy support, or telephone: +44 (0)845 070 1750.
