QSA Practice

We maintain a dedicated QSA Practice, which sits within our PCI and cyber security division, Data Security People. Our QSA Practice is engaged by retail brands, payment service providers, and FTSE100 companies (including commercial and domestic energy) to provide experienced Qualified Security Assessors who understand complex technical environments in fast-paced industries.

Our QSA team has a thorough technical grounding and vast operational experience with modern technologies, including complicated virtualised environments.

Contacting our PCI Practice

Our Lead QSA is Thomas Chappelow. His team can be contacted via:

Email: [email protected] or Telephone: 0345 340 5412

PCI DSS Services

Scope Identification and Reduction

Identifying the scope of your Cardholder Data Environment is a vital part of PCI DSS compliance. Our PCI Qualified Security Assessors (QSAs) will help you to correctly scope your environment, and work with you to identify areas for reduction of the scope, saving you money and assessment time.

Gap Analysis

An experienced QSA will conduct an on-site assessment to identify key areas of weakness within your Cardholder Data Environment. At the end of the Gap Analysis, you will receive a report detailing your current strengths and weaknesses, complete with actionable points. This report will provide you with the information you need to minimise the risk of non-compliance during a PCI DSS assessment.


After we have identified your scope, helped to reduce it, and completed a Gap Analysis, our Qualified Security Assessors can work with you to fix the issues identified: a process known as remediation. This remediation work puts your organisation in a position to achieve PCI DSS compliance, and could include the completion of the PCI-sponsored Prioritised Approach.

Formal Assessment

Each year, you must complete a formal assessment of your PCI DSS compliance. The type of assessment that must be completed depends on your organisation's merchant or service provider compliance level, but will be either a Self Assessment Questionnaire or a Report on Compliance. Both of these assessment types result in a formal Attestation of Compliance.

Data Security People offer both QSA-led Self Assessment Questionnaires and QSA-led Reports on Compliance. As a PCI Security Standards Council-authorised QSA Company, we are able to issue formal Attestations of Compliance.

Why Choose Us?

The QSA delivery team has a thorough technical grounding, and is able to operate effectively within your IT estate and payment platforms. Our team has experience with modern technologies, including complex virtualised environments, and holds industry qualifications such as: PCI Qualified Security Assessor, NCSC Certified Information Assurance Auditor, ISACA Certified Information Systems Auditor and Certified Information Security Manager, Certified Information Systems Security Professional, and ISO 27001 Lead Auditor and Implementer.