
PCI QSA Services

The PCI Security Standards Council (PCI SSC) manages a programme to train and certify organisations and individuals to assess and validate adherence to PCI DSS Security Standards. These organisations are called Qualified Security Assessor (QSA) companies and they employ trained individuals who are Qualified Security Assessors.

In our capacity as an approved QSA company, our principal role is to ensure that an organisation is fully compliant with the requirements specified in the Payment Card Industry Data Security Standard.

Download our PCI brochure to discover our all-encompassing PCI business solutions.

All Qualified Security Assessor (QSA) companies must comply with a number of rigorous business and technical requirements specified by the PCI SSC. For further information, please review the document, PCI DSS Validation Requirements for Qualified Security Assessors (QSA) Version.

Our status as an approved QSA company underpins our range of PCI DSS consultancy services which include project scoping, gap analysis, remediation support and audit. IT Governance Ltd is therefore able to provide the full range of PCI QSA services:

  • Defining Scope of Assessment – identifying all of the payment card data locations and flows.
  • Gap Analysis – assessing your organisation’s security stance in comparison to the requirements of the current version of the PCI DSS, identifying gaps and describing the steps that will enable you to meet your compliance objectives.
  • Remediation services – we can deploy our information security consultancy skills, combined with our PCI DSS knowledge, to help you carry out any remediation that might be necessary to bring your cardholder data environment (CDE) into compliance with PCI DSS.
  • Formal QSA Audit – where required for PCI Level 1 Service Providers and Merchants.

Compliance with PCI DSS v3.0

The PCI Security Standards Council (PCI SSC) has released version 3 of both the PCI Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS). Published on 7 November 2013, this marks the end of one lifecycle and the start of the next three-year cycle for the standard. The changes will help companies make PCI DSS part of their normal business activities by introducing more flexibility and an increased focus on education, awareness and security as a shared responsibility. Find out more about PCI DSS v3.0 here.

Organisations have been allowed 14 months to transition from version 2 to version 3, until PCI DSS v3.0 becomes mandatory in 2015. As an approved QSA company, IT Governance is ideally positioned to help organisations comply with either version and to help them transition to v3.0 in due course. For more information call us on +44 (0)845 070 1750 or email

Why Choose IT Governance as your PCI QSA?

1. Delivering a Cost Effective Route to Compliance

PCI DSS applies to all organisations worldwide that transmit, process or store payment card data, from the smallest merchant handling a few orders to the largest service provider processing millions of transactions on behalf of other businesses. What matters to all of them is effective, timely compliance with, and maintenance of, the PCI DSS standard, delivered within an acceptable budget.

At IT Governance, we understand that no single business is the same and we offer a range of PCI consultancy services:

  • Smaller Business – an affordable and accessible service including LiveOnline telephone advice (minimum: one hour) that can be booked when required, initial scoping, remediation, and comprehensive advice on the Self-Assessment Questionnaire (SAQ). Our unique PCI DSS documentation toolkit provides a complete package of the required policy and procedure document templates.
  • Larger Business – extensive on-site and remote services offering full scoping, gap analysis, remediation advice and QSA audit, with a particular focus on on-site scoping assessments and comprehensive gap analysis. We are known for our expertise in validating and assessing compensating controls that apply to legacy systems or unique IT infrastructure.

2. Deep Technical Knowledge and Skills

PCI DSS is a technical information security standard, and achieving compliance requires knowledge and practical experience of network architecture, application data handling, databases, storage, system security and many other IT and business functions. It also requires a complete understanding of the requirements of the PCI DSS standard and of the customised PCI DSS requirements of individual payment brands and banks. Our team of QSA consultants is CISSP-qualified and has an extensive understanding of cardholder data flows, payment card systems and IT security.

3. Independent and Unbiased Advice

Satisfying the requirements of PCI DSS often requires the purchase of specialised software and hardware security products. Since the introduction of the standard in 2005, many vendors of these products have developed their own PCI QSA and consultancy services. While their advice may be technically correct, it will of course be biased toward the purchase of the vendor’s own remediation solutions. At IT Governance, our policy is to offer impartial advice that is independent of any specific commercial product.

4. Extensive PCI Compliance Experience and Business Knowledge

IT Governance has been trusted to deliver its PCI consultancy services to a large number of commercial and not-for-profit organisations throughout the world. Our clients range from well-known corporate entities to small and medium-sized businesses in the Government, Health Service, Financial Services, IT Services and E-Commerce markets. These include SuperGroup plc, Shop Direct Group, The Institute of Directors and the Chartered Institute of Building.

We have particularly in-depth knowledge of e-commerce systems, based both on our client work and on our own experience of operating seven e-commerce websites serving markets in the UK, Europe, Asia and the US.

The key to our success is not just an understanding of the technical requirements of PCI DSS but an absolute commitment to understanding how a business works. Our pragmatic approach focuses on helping organisations improve the efficiency of payment card methodologies while achieving and maintaining PCI DSS compliance. This approach is consistent with the new PCI DSS version 3, which recommends that organisations build PCI into everyday business processes to ensure continual compliance and ease the burden of proving compliance at an annual QSA audit.

5. Integration and compliance with ISO27001

ISO/IEC 27001:2013 is the international management standard that helps businesses and organisations throughout the world develop a best-in-class information security management system. It also helps companies develop effective information security and win more business by demonstrating that effectiveness to other companies. Many of the mitigating information security controls defined in PCI DSS map directly to the controls in ISO27001. As a leading ISO27001 consultancy, IT Governance is a specialist in the integration of, and full compliance with, PCI DSS and ISO27001.

You can find more information on PCI DSS and our full range of products and services on our PCI DSS Information

To find out how we can help your organisation achieve and maintain PCI DSS compliance, please email us or telephone +44 (0)845 070 1750 to speak with a member of our team today.
