QSA Practice

Data Protection People maintains a dedicated QSA Practice that sits within our PCI and Information Security division. Our QSA Practice is engaged by retail brands, payment service providers, and multinational organisations (including commercial and domestic energy) to provide experienced Qualified Security Assessors who understand complex technical environments.

Our QSA team has a thorough technical grounding and vast operational experience with modern technologies, including complicated virtualised environments.

Contacting our PCI Practice

Our Lead QSA is Thomas Chappelow. His team can be contacted via:

Email: [email protected] or Telephone: 0345 340 5412

Our PCI DSS Services

Scope Identification and Reduction

Identifying the scope of your Cardholder Data Environment is a vital part of PCI DSS compliance. Our PCI Qualified Security Assessors (QSAs) will help you to correctly scope your environment, and work with you to identify areas where the scope can be reduced, saving you money and assessment time.

Gap Analysis

An experienced QSA will conduct an on-site assessment to identify key areas of weakness within your Cardholder Data Environment. At the end of the Gap Analysis, you will receive a report detailing your current strengths and weaknesses, complete with actionable points. This report will provide you with the information you need to minimise the risk of non-compliance during a PCI DSS assessment.


Remediation

After we have identified your scope, helped to reduce it, and completed a Gap Analysis, our Qualified Security Assessors can work with you to fix the issues identified: a process known as remediation. This remediation work puts your organisation in a position to achieve PCI DSS compliance, and could include the completion of the PCI-sponsored Prioritised Approach.

Formal Assessment

Each year, you must complete a formal assessment of your PCI DSS compliance. The type of assessment that must be completed depends on your organisation's merchant or service provider compliance level, but will be either a Self Assessment Questionnaire or a Report on Compliance. Both of these assessment types result in a formal Attestation of Compliance.

Data Protection People offer both QSA-led Self Assessment Questionnaires and QSA-led Reports on Compliance. As a PCI Security Standards Council-authorised QSA Company, we are able to issue formal Attestations of Compliance.

Why Choose Us?

The QSA delivery team has a thorough technical grounding, and is able to operate effectively within your IT estate and payment platforms. Our team has experience with modern technologies, including complex virtualised environments, and holds industry qualifications such as: PCI Qualified Security Assessor, CESG Certified Professional, Certified Information Systems Auditor, ISO/IEC 27001 Lead Auditor, Certified Information Systems Security Professional, and Cisco Certified Internetwork Expert.