Sec-1 Ltd

PCI DSS Qualified Security Assessor (QSA)

The Sec-1 PCI QSA services are designed to help organisations of all sizes and at all stages of their PCI DSS (Payment Card Industry Data Security Standard) journey with this often complex and difficult data security standard.
SAQ & RoC consultancy includes investigation, scope reduction, gap analysis, assessment and validation.


  • Identify and define the PCI Cardholder Data Environment (CDE)
  • Provide PCI CDE de-scoping strategies to limit assessment activities
  • Accurately identify applicable Self-Assessment Questionnaires (SAQs)
  • Provide PCI DSS Gap Analysis identifying requirements not adequately met
  • Provide professional expertise on projects with PCI DSS implications
  • Dedicated onsite QSA resource providing PCI DSS assistance
  • PCI Credits offering ad-hoc PCI DSS support queries
  • Provide assisted SAQ submissions countersigned by the QSA
  • Provide Report on Compliance (ROC) assessments
  • Preparation of correct documentation sets for PCI DSS


  • Reduces PCI DSS scope thereby reducing costs and complexity
  • Reduces compliance burden of maintaining PCI DSS
  • Minimise the risks associated with taking card payments
  • Minimise the chances of a card data compromises
  • Ensure that your organisation meets its PCI DSS obligations correctly
  • Minimise PCI DSS scoping implications when making environmental changes
  • Understand & document in detail data flows and payment channels
  • Supplement your team with experienced Qualified Security Assessors


£1250 per person per day

Service documents


G-Cloud 11

Service ID

8 4 3 2 9 2 8 6 2 3 9 5 7 9 8


Sec-1 Ltd

David Ashton



Planning service
How the planning service works
Sec-1 security consultants assist organisations with solution designs and security architecture to help simplify the complexities regarding PCI DSS scoping and segmentation to ensure any de-scoping strategies that are implemented achieve the required outcome. Often, de-scoping strategies fall short of adequately isolating system components which has a significant cost and compliance impact upon an organisation, especially if the re-design work has already been implemented.
Planning service works with specific services


Training service provided
How the training service works
Sec-1 can provide PCI DSS knowledge transfers to businesses to help employees better navigate this data security standard.
Stakeholders learn during engagements from structured, organised approach.
Specific PCI DSS training material is currently in development.
Advice around security testing to meet PCI DSS requirements is available through regular seminar sessions delivered UK-wide.
Training is tied to specific services

Setup and migration

Setup or migration service available

Quality assurance and performance testing

Quality assurance and performance testing service
How the quality assurance and performance testing works
With the Sec-1 PCI DSS QSA services, clients can receive a quality assurance against any proposed solutions impacting upon the business' cardholder data environment. Additionally, Sec-1 QSAs can help to validate any proposed solutions that are intended to de-scope elements of the cardholder data environment, verifying that the solution will achieve what it is intended to.

Security testing

Security services
Security services type
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
  • Other
Other security services
  • Card Data Environment Mapping
  • SAQ validation and guidance
  • Scope reduction guidance
  • Gap Analysis
  • Report On Compliance
  • Data Flow Analysis
Certified security testers
Security testing certifications
  • Tigerscheme
  • Other
Other security testing certifications
  • OSCP
  • OSCE

Ongoing support

Ongoing support service

Service scope

Service constraints
Currently, the Sec-1 QSA services can only be conducted within EMEA, however please do let us know if you have a requirement outside of EMEA as we may look to add that specific region.
The nature of PCI DSS consultancy requires the service to be delivered during standard work hours (9am-5pm, Monday to Friday).
Where activities need to be undertaken outside of these hours, the requirement should be discussed so that appropriate arrangements and additional charges can be made.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Sec-1 provides a service called PCI Credits which is primarily provided via email on a bulk-buy, call-off basis. Responses are usually within 2-3 working days as this service isn't designed for business critical queries.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Support levels
For PCI Credits, Sec-1 will work towards a 2-3 working day turnaround for most email enquiries.
Telephone advice is also often delivered, which is usually ad-hoc arranged via the Sec-1 Sales Account Manager.


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)


£1250 per person per day
Discount for educational organisations

Service documents

Return to top ↑