PCI DSS Self Assessment Questionnaires

Experienced PCI DSS Qualified Security Assessors providing support and guidance on Self Assessment Questionnaires, for merchants and service providers.

Speak with a QSA


For those Level 3 and Level 4 merchants that don’t need a full Report on Compliance, we can help you to complete a Self Assessment Questionnaire.

This service is designed for merchants that would like to gain some management assurance of their self-assessment status, helping to fix issues before a data breach.

Your assisted-SAQ project will be led by a Qualified Security Assessor that has been appointed by the PCI Security Standards Council.

Learn more

Service Providers

For those service providers that want to demonstrate compliance to merchant customers, but are not processing large numbers of payments, we can help you to complete a service provider self assessment.

The project will be led by a Qualified Security Assessor who has experience with the validation of processors, acquirers, issuers, and service providers.

If you’re looking for true independent validation, you’ll need a Report on Compliance.

Learn more

Data Security People is trusted by:

Key benefits

For smaller merchants and service providers, an assisted-SAQ demonstrates your commitment to PCI DSS compliance to the world.

Pragmatic advice

Our work is defensible and evidence-based, but we’re pragmatic. We get business, and we’re not box-tickers.

Independent validation

Demonstrate your PCI DSS compliance to your clients, partners, and regulators, with an assisted self-assessment from a QSA

Relationship driven

Our customers are the life-blood of our practice. We value your business, and strive to build a long-term relationship.

Passionate work from passionate people

Our work and expertise with the PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) was developed to enhance cardholder data security measures across the world. The PCI DSS provides a baseline for your technical and operational controls designed to protect your customer’s payment data.

The PCI DSS applies to all entities involved in payment card processing, including merchants, processors, acquirers, issuers, and service providers. The PCI DSS also applies to all other entities that store, process or transmit cardholder data.

To guide our clients through the extensive requirements of the PCI DSS, we maintain a dedicated team of PCI DSS Qualified Security Assessors (QSA). Our QSA team is engaged by retail brands, payment service providers, and FTSE 100 companies (including commercial and domestic energy), to provide experienced Qualified Security Assessors that understand complex technical environments in fast-paced industries.

Our team has vast operational experience with modern technologies, including containerised and virtualised environments, and is used to providing security advice to everybody from first line support, through to the C-Suite.

Alongside our delivery work, we frequently publish security articles, white papers, and case studies, as well as evidence for research and government.

Crucially, we believe that rationalised information assurance policies – driven by evidence and data, rather than hyperbole and fear – are the best way to improve our clients’ security capabilities.

Read more about our work

Continuous assurance is the future of PCI DSS governance.

It allows you to make evidence-based decisions and investments, instead of the box ticking of years gone by.

Find out more