For most organisations the answer is ‘probably not’. A QSA is generally required to sign off a completed self-assessment questionnaire (SAQ) and in effect acts as an auditor to show you are compliant with the controls. The standard, however, does not require a QSA to sign off SAQs for Merchant levels 2, 3 and 4. Even if your Acquirer insists on a QSA signing off the SAQ, you can still take advantage of independent, cost-effective advice and guidance from consultancies such as Advent IM.

It is our role to assess your current situation, guide you through the standard and assist you in identifying appropriate controls to meet compliance. It is a QSA’s role to ensure controls are in place by conducting an evidential audit against the SAQ. The two activities should be carried out independently, as auditing your own work is clearly not recommended best practice. Many QSAs are also part of a product or managed service provider, which makes it difficult for them to demonstrate unbiased and independent advice.

We have already worked successfully with many organisations working towards PCI DSS compliance by identifying process flows, carrying out initial gap analyses against the standard, reviewing self-completed SAQs and providing advice on achieving compliance.

An additional benefit we offer, apart from our total independence from any product or service supplier, is our holistic approach to security. We have experts in all aspects of information security including physical security – a key requirement of the standard and one that is often overlooked.

Advent IM is not a QSA but can offer a comprehensive, complete review based on recommended best practice across all requirements of PCI DSS, at a price you can afford.

Why Choose Advent IM?

We pride ourselves on putting our clients first…

...our approach is both consultative and facilitative and each solution is bespoke to your business needs and drivers.