PCI DSS Report on Compliance

Experienced PCI DSS Qualified Security Assessors providing full Reports on Compliance for merchants and service providers.



Your merchant assessment will be performed by a Qualified Security Assessor that has been appointed by the PCI Security Standards Council.

This service is designed for Level 1 and Level 2 merchants that must submit a Report on Compliance to their acquirer.

Our QSA team works to accurately validate your scope, before conducting thorough testing activities on your systems and infrastructure, during which we’ll generate detailed work papers. Your assessment will result in a formal report that attests to your compliance with the PCI DSS.


Service Providers

Your service provider assessment will be performed by a Qualified Security Assessor that has been appointed by the PCI Security Standards Council, and who has experience with the validation of processors, acquirers, issuers, and service providers.

Just like a merchant assessment, our QSA team will conduct thorough testing activities from which they will generate detailed work papers.

At the end of the assessment, we’ll help you to become a member of the VISA global registry of service providers.


Data Security People is trusted by:

Key benefits

With independent validation of your security controls, you can demonstrate your PCI DSS compliance to the world.

Pragmatic advice

Our work is defensible and evidence-based, but we’re pragmatic. We get business, and we’re not box-tickers.

Independent validation

Prove your PCI DSS compliance to your clients, partners, and regulators with an independent assessment from a QSA.

Relationship driven

Our customers are the lifeblood of our practice. We value your business, and strive to build a long-term relationship.

Passionate work from passionate people

Our work and expertise with the PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) was developed to enhance cardholder data security measures across the world. The PCI DSS provides a baseline of technical and operational controls designed to protect your customers’ payment data.

The PCI DSS applies to all entities involved in payment card processing, including merchants, processors, acquirers, issuers, and service providers. The PCI DSS also applies to all other entities that store, process or transmit cardholder data.

To guide our clients through the extensive requirements of the PCI DSS, we maintain a dedicated team of PCI DSS Qualified Security Assessors (QSA). Our QSA team is engaged by retail brands, payment service providers, and FTSE 100 companies (including commercial and domestic energy), to provide experienced Qualified Security Assessors that understand complex technical environments in fast-paced industries.

Our team has vast operational experience with modern technologies, including containerised and virtualised environments, and is used to providing security advice to everybody from first-line support through to the C-suite.

Alongside our delivery work, we frequently publish security articles, white papers, and case studies, as well as evidence for research and government.

Crucially, we believe that rationalised information assurance policies – driven by evidence and data, rather than hyperbole and fear – are the best way to improve our clients’ security capabilities.


Continuous assurance is the future of PCI DSS governance.

It allows you to make evidence-based decisions and investments, instead of the box ticking of years gone by.
