Book FREE Consultation

URM is pleased to provide a FREE 30 minute consultation on Transitioning to ISO 27001:2022 for any UK-based organisation. Once an enquiry form has been submitted, we will be in touch to understand the nature of your enquiry and to book a mutually convenient time for a 30-minute consultation slot with one of URM’s specialists.

PCI DSS Assessment and Auditing

Pragmatic and tailored approach to PCI DSS compliance

PCI DSS Assessment and Auditing

And once you are ready for assessment, URM’s Team of PCI QSAs is able to offer you a range of PCI DSS audit services, including:

  • QSA-led PCI Report on Compliance (ROC). When all PCI DSS control gaps have been identified, and remediation activities have been completed, a QSA audit is required in order to establish that a Level 1 merchant or service provider fully meets all of the control objectives of the PCI DSS.  URM is able to deliver a full PCI audit led by experienced assessors.  After testing your controls and reviewing documentation of your findings, URM’s Team of QSAs will develop a summary of findings, culminating in a ROC which verifies your organisation’s compliance.  Our Team will also provide a completed Attestation of Compliance (AoC) form and allow for the required paperwork to be submitted to the party requesting compliance from your organisation.
  • QSA Supported SAQs. This service involves URM’s PCI DSS QSA working with your organisation to deliver a full QSA-led SAQ against any currently valid version of the Standard and provide a completed AOC form for you to submit.  It is widely acknowledged that an SAQ, countersigned by a QSA, greatly adds to the credibility of the self-assessment.
  • Supporting SAQs - Here, URM’s QSA can support your organisation conduct its own SAQ by offering advice and consultancy. This service differs from the ‘QSA supported SAQ’ service, described above, in that typically the QSA will not be involved in actively gathering and reviewing any evidence. The QSA will be simply advising you on the level of evidence you would need to obtain.  As a result, they would not be in a position to sign off the SAQ.
  • Pre-audit Readiness Assessment – URM’s QSAs are able to work with your organisation to conduct a readiness assessment of your in-scope environment against any currently valid version of the PCI DSS and identify any issues that would affect compliance being achieved.  This provides you with the opportunity to remediate any issues before the formal evidence stage and provides staff with the experience of undertaking a PCI DSS assessment.

Get in touch

Please note, we can only process business email addresses.

Why URM?

Track record and experience

URM has a team of expert consultants across multiple security disciplines who are all highly experienced in assisting organisations in gaining PCI DSS compliance. Our consultants have worked with hundreds of different companies across a wide range of industries, including local government, entertainment, retail, hospitality, IT services, charities, and many more. They also have experience of working with companies of various sizes ranging from self-employed individuals to multi-national corporations.  So, whatever your PCI DSS needs are, URM will be able to provide a QSA who understands your organisation and can offer the best advice and guidance to help you achieve compliance.

Pragmatic Approach

All of URMs QSAs pride themselves on their pragmatic approach to both compliance and assessments and will work with you to find the most appropriate and sensible way for you to meet the requirements of the PCI DSS.

Information Security FAQISO 27001 FAQ

PCI DSS v4.0: Targeted Risk Analysis

Published On
4/6/2024

URM’s blog dissects the new PCI DSS requirements around targeted risk analysis, what they involve, and how the 2 types of TRA in the Standard differ.

Read more
Thumbnail of the Blog Illustration
Information Security
Published On
3/6/2024
PCI DSS v4.0: Forced Password Changes and Zero Trust Architecture

URM’s blog drills down into the PCI DSS v4.0 requirements around forced password changes, with a particular focus on the addition of zero-trust architecture.

Read more
Thumbnail of the Blog Illustration
Information Security
Published On
11/4/2024
PCI DSS v4.0: Network Security Controls

URM’s blog explains the wording changes in Requirement of the PCI DSS v4.0, offering advice on how organisations can select and use the most appropriate NSCs.

Read more
Thumbnail of the Blog Illustration
Information Security
Published On
22/3/2024
Common Questions When Preparing to Transition to PCI DSS v4.0

URM’s blog answers key questions about the practicalities of PCI DSS v4.0 transition assessments and how you can best prepare for a successful v4.0 transition.

Read more
"
Without URM, Havas People would not of achieved its certification goals.
Director, Havas People
contact US

Let us help you

Let us help you in your compliance journey by completing the form and letting us know how we can best support you.