Sec-1 Ltd

PCI DSS Qualified Security Assessor (QSA)

The Sec-1 PCI QSA services are designed to help organisations of all sizes and at all stages of their PCI DSS (Payment Card Industry Data Security Standard) journey with this often complex and difficult data security standard.
SAQ & RoC consultancy includes investigation, scope reduction, gap analysis, assessment and validation.


  • Identify and define the PCI Cardholder Data Environment (CDE)
  • Provide PCI CDE de-scoping strategies to limit assessment activities
  • Accurately identify applicable Self-Assessment Questionnaires (SAQs)
  • Provide PCI DSS Gap Analysis identifying requirements not adequately met
  • Provide professional expertise on projects with PCI DSS implications
  • Dedicated onsite QSA resource providing PCI DSS assistance
  • PCI Credits offering ad-hoc PCI DSS support queries
  • Provide assisted SAQ submissions countersigned by the QSA
  • Provide Report on Compliance (ROC) assessments
  • Preparation of correct documentation sets for PCI DSS


  • Reduces PCI DSS scope thereby reducing costs and complexity
  • Reduces compliance burden of maintaining PCI DSS
  • Minimise the risks associated with taking card payments
  • Minimise the chances of a card data compromise
  • Ensure that your organisation meets its PCI DSS obligations correctly
  • Minimise PCI DSS scoping implications when making environmental changes
  • Understand & document in detail data flows and payment channels
  • Supplement your team with experienced Qualified Security Assessors


£1250 per person per day

G-Cloud 11


Sec-1 Ltd

David Ashton



Planning service: Yes
How the planning service works: Sec-1 security consultants assist organisations with solution designs and security architecture to help simplify the complexities of PCI DSS scoping and segmentation, so that any de-scoping strategies that are implemented achieve the required outcome. Often, de-scoping strategies fall short of adequately isolating system components, which has a significant cost and compliance impact upon an organisation, especially if the re-design work has already been implemented.
Planning service works with specific services: No


Training service provided: Yes
How the training service works: Sec-1 can provide PCI DSS knowledge transfers to businesses to help employees better navigate this data security standard.
Stakeholders learn during engagements from a structured, organised approach.
Specific PCI DSS training material is currently in development.
Advice around security testing to meet PCI DSS requirements is available through regular seminar sessions delivered UK-wide.
Training is tied to specific services: No

Setup and migration

Setup or migration service available: No

Quality assurance and performance testing

Quality assurance and performance testing service: Yes
How the quality assurance and performance testing works: With the Sec-1 PCI DSS QSA services, clients can receive quality assurance of any proposed solutions that affect the business's cardholder data environment. Additionally, Sec-1 QSAs can help to validate any proposed solutions that are intended to de-scope elements of the cardholder data environment, verifying that the solution will achieve what it is intended to.

Security testing

Security services: Yes
Security services type:
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
  • Other
Other security services:
  • Card Data Environment Mapping
  • SAQ validation and guidance
  • Scope reduction guidance
  • Gap Analysis
  • Report On Compliance
  • Data Flow Analysis
Certified security testers: Yes
Security testing certifications:
  • Tigerscheme
  • Other
Other security testing certifications:
  • OSCP
  • OSCE

Ongoing support

Ongoing support service: No

Service scope

Service constraints: Currently, the Sec-1 QSA services can only be conducted within EMEA; however, please do let us know if you have a requirement outside of EMEA, as we may look to add that specific region.
The nature of PCI DSS consultancy requires the service to be delivered during standard work hours (9am-5pm, Monday to Friday).
Where activities need to be undertaken outside of these hours, the requirement should be discussed so that appropriate arrangements and additional charges can be made.

User support

Email or online ticketing support: Email or online ticketing
Support response times: Sec-1 provides a service called PCI Credits, which is primarily provided via email on a bulk-buy, call-off basis. Responses are usually within 2-3 working days, as this service isn't designed for business-critical queries.
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Support levels: For PCI Credits, Sec-1 will work towards a 2-3 working day turnaround for most email enquiries.
Telephone advice is also often delivered, usually arranged ad hoc via the Sec-1 Sales Account Manager.


Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Security Clearance (SC)


Price: £1250 per person per day
Discount for educational organisations: No

Service documents

  • Pricing document (pdf)
  • Skills Framework for the Information Age rate card (pdf)
  • Service definition document (pdf)
  • Terms and conditions (pdf)