Products & Services


A PCI assessment is an audit for validating compliance with the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards for merchants who accept, process, store or transmit credit card information.

PCI DSS Services

Areas of assistance

We can help with all aspects of the PCI DSS including as set out below:

PCI DSS scope review and reduction

Review of the scope of PCI DSS coverage and report into scope reduction

PCI DSS gap analysis

Detailed review of the people, processes and technologies involved in your payment card processing and a review of your compliance with the applicable PCI DSS requirements leading to a report on compliance gaps and recommended remedial action

PCI DSS Assisted SAQ

Assistance with the completion of a PCI DSS self-assessment questionnaire

PCI DSS Assessment and RoC

QSA-led compliance assessment resulting in a report on compliance (RoC) and attestation of compliance (AoC) suitable for submission to your acquiring bank

PCI DSS Prioritized Approach

Experienced PCI DSS consultant monitoring and advising on your PCI DSS prioritized approach program

PCI DSS remediation work

Help implementing your PCI DSS compliance remediation plan

PCI DSS consultancy

Advice and consultancy on the PCI DSS

PCI DSS help desk

Advice line handling PCI DSS-related queries


You may also be interested in

Data Protection People maintains a dedicated QSA Practice, that sits within our PCI and Information Security division. Our QSA Practice is engaged by retail brands, payment service providers, and multinational organisations, to provide experienced Qualified Security Assessors that understand complex technical environments.

  • Datawise - Database system for managing PCI DSS compliance

  • Document Set - Document templates for PCI DSS compliance management


Scope Identification and Reduction

Identifying the scope of your Cardholder Data Environment is a vital part of PCI DSS compliance. Our PCI Qualified Security Assessors (QSA) will help you to correctly scope your environment, and work with you to identify areas for reduction of the scope–saving you money and assessment time.


Gap Analysis

An experienced PCI DSS expert will conduct an on-site assessment to identify areas of non-compliance with the PCI DSS.

At the end of the assessment, you will receive a report detailing your current strengths, weaknesses and compliance gaps, along with actionable points. This report will provide you with the information you need to minimise the risk of non-compliance with the PCI DSS.

A Gap Analysis is most useful for those completing SAQs who have no formal external assessment and verification such as a RoC. Provides peace of mind that SAQs are being completed correctly.


QSA-led RoC

If you process a large volume of card transactions you will be required to engage a QSA company to undertake a formal external assessment.

We’re licensed to perform such assessments and will send one of our QSAs to carry out an assessment of your card holder data environment and produce a Report of Compliance (RoC) that you can submit to your acquiring bank.

We’ll review evidence of compliance and provide useful advice along the way. The Attestation of Compliance we produce can be used to provide to others to demonstrate that you are PCI DSS compliant.


Formal Assessment

Each year, you must complete a formal assessment of your PCI DSS compliancy. The type of assessment that must be completed depends on the merchant or service provider compliance level that your organisation is determined to be, but will either be a Self Assessment Questionnaire, or a Report on Compliance.

Both of these assessment types result in the issuing of an Attestation of Compliance. Data Protection People offer both QSA-led Self Assessment Questionnaires, and QSA-led Reports on Compliance. As a PCI Security Standards Council-authorised QSA Company, we are able to issue formal Attestations of Compliance.


Why Choose Us?

The QSA delivery team has a thorough technical grounding and can operate effectively within your IT estate and payment platforms. Our team has experience with modern technologies, including complex virtualised environments, and hold industry qualifications such as: PCI Qualified Security Assessor, CESG Certified Professional, Certified Information Systems Auditor, ISO/IEC 27001 Lead Auditor, Certified Information Systems Security Professional, and Cisco Certified Internetwork Expert.

PCI DSS Service Provider

Book a chat with our team

Our QSA team has a thorough technical grounding, and vast operational experience with modern technologies, including complex virtualised environments. If you would like to learn more about our PCI DSS services reach out to one of our team and we can discuss the many ways we can support you.

Get in touch

We're here to help guide you through the complexities of data protection, and help make it easy to implement. Get in touch with our world-class team today, to see how we can assist you and your organisation with every aspect of data privacy compliance.

We're are specialists in data privacy compliance management, information governance, and information security management. Through our security consulting services, we helping organisations across Europe to secure their most important asset – their data.

Get in touch with our team by completing the form, by phone, email, or in person at our office or yours. We're open Monday - Friday, 08:30am to 5:30pm GMT.

Tel: 0113 869 1290


"*" indicates required fields