
PCI QSA Services

The PCI Security Standards Council (PCI SSC) manages a programme to train and certify organisations and individuals to assess and validate adherence to PCI DSS Security Standards. These organisations are called Qualified Security Assessor (QSA) companies and they employ trained individuals who are Qualified Security Assessors.

In our capacity as an approved QSA company, our principal role is to assess whether an organisation is fully compliant with the requirements specified in the Payment Card Industry Data Security Standard (PCI DSS), and to validate that compliance.


Download our PCI brochure to discover our all-encompassing PCI business solutions.

All Qualified Security Assessor (QSA) companies must adhere to a number of rigorous business and technical requirements specified by the PCI SSC. For further information, please review the PCI SSC document PCI DSS Validation Requirements for Qualified Security Assessors (QSA).

Our status as an approved QSA company underpins our range of PCI DSS consultancy services which include project scoping, gap analysis, remediation support and audit.

PCI compliance and assessment products and services



Why choose IT Governance as your PCI QSA?

1. Delivering a cost-effective route to compliance

PCI DSS applies to all organisations worldwide that store, process or transmit payment card data, from the smallest merchant handling a few orders to the largest service provider processing millions of transactions on behalf of other businesses. What matters to all of them is achieving compliance effectively and on time, and maintaining it, within an acceptable budget.

At IT Governance, we understand that no two businesses are the same, so we offer a range of PCI consultancy services:

  • Smaller business - An affordable and accessible service including LiveOnline telephone advice (minimum: one hour) that can be booked when required, initial scoping, remediation support, and comprehensive advice on completing the Self-Assessment Questionnaire (SAQ). Our PCI DSS documentation toolkit provides a complete package of the required policy and procedure document templates.
  • Larger business - Extensive on-site and remote services offering full scoping, gap analysis, remediation advice and QSA audit, with a particular focus on on-site scoping assessments and comprehensive gap analysis. We are known for our expertise in designing, validating and assessing compensating controls for legacy systems or unusual IT infrastructure.

2. Deep technical knowledge and skills

PCI DSS is a technical information security standard, and achieving compliance requires knowledge and practical experience of network architecture, application data handling, databases, storage, system security and many other IT and business functions. It also requires a complete understanding of the requirements of the standard itself and of the additional PCI DSS requirements imposed by individual payment brands and acquiring banks. Our team of QSA consultants is CISSP-qualified and has extensive understanding of cardholder data flows, payment card systems and IT security.

3. Independent and unbiased advice

Satisfying the requirements of PCI DSS often requires the purchase of specialised security software and hardware. Since the standard was first published in December 2004, many vendors of these products have developed their own PCI QSA and consultancy services. While their advice may be technically correct, it will naturally be biased toward the purchase of the vendor's own remediation solutions. At IT Governance, our policy is to offer impartial advice that is independent of any specific commercial product.

4. Extensive PCI compliance experience and business knowledge

IT Governance has been trusted to deliver its PCI consultancy services to a large number of commercial and not-for-profit organisations throughout the world. Our clients range from well-known corporate entities to small and medium-sized businesses in the government, health service, financial services, IT services and e-commerce markets. They include SuperGroup plc, Shop Direct Group, The Institute of Directors and the Chartered Institute of Building.

We have particularly in-depth knowledge of e-commerce systems, based both on our client work and on our own experience of operating seven e-commerce websites serving markets in the UK, Europe, Asia and the US.

The key to our success is not just an understanding of the technical requirements of PCI DSS but an absolute commitment to understanding how a business works. Our pragmatic approach focuses on helping organisations improve the efficiency of their payment card processes while achieving and maintaining PCI DSS compliance. This approach is consistent with the latest version of PCI DSS, which recommends that organisations build PCI DSS controls into everyday business processes so that compliance is continuous rather than a once-a-year exercise, easing the burden of proving compliance at the annual QSA audit.

5. Integration and compliance with ISO27001

ISO/IEC 27001:2013 is the international management standard that helps businesses and organisations throughout the world develop a best-practice information security management system (ISMS). It also helps companies demonstrate the effectiveness of their information security to customers and partners, and so win more business. Many of the information security controls required by PCI DSS map directly to controls in ISO 27001, so an organisation can satisfy both with one set of evidence where the mappings align. As a leading ISO 27001 consultancy, IT Governance specialises in integrating PCI DSS and ISO 27001 and achieving full compliance with both.

You can find more information on PCI DSS and our full range of products and services on our PCI DSS Information page.

6. CREST-accredited penetration tests deliver a comprehensive approach to security

Our CREST-accredited penetration tests (pen tests) give you and your management a realistic picture of how your websites and networks stand up to attack at the time of testing, by finding exploitable weaknesses before an attacker does. No test can prove a system secure, so pen tests should be repeated regularly and after significant changes; PCI DSS itself (Requirement 11.3) requires external and internal penetration testing at least annually and after any significant infrastructure or application change. As a CREST member company, IT Governance has been verified as meeting the rigorous standards for penetration testing mandated by CREST, so clients can be confident that tests are carried out by qualified and knowledgeable individuals. Read more about our penetration testing packages.

To find out how we can help your organisation achieve and maintain PCI DSS compliance, please email us or telephone 00 800 48 484 484 to speak with a member of our team today.