Book FREE Consultation

URM is pleased to provide a FREE 30 minute consultation on Transitioning to ISO 27001:2022 for any UK-based organisation. Once an enquiry form has been submitted, we will be in touch to understand the nature of your enquiry and to book a mutually convenient time for a 30-minute consultation slot with one of URM’s specialists.

PCI DSS Quarterly Compliance Review

Pragmatic and tailored approach to PCI DSS compliance

Speak to a PCI DSS expert

URM has a team of expert consultants across multiple security disciplines who are all highly experienced in assisting organisations in gaining PCI DSS compliance.

Speak to one of our experts for more information on how we can help you gaining compliance. Simply call 0118 206 5410 or use the contact form.

Contact us

PCI DSS Quarterly Compliance Review

In order to comply with the Payment Card Industry Data Security Standard (PCI DSS), a number of recurring requirements need to be completed and presented to a qualified security assessor (QSA) during the annual assessment (naturally assuming that external auditing is applicable).  Failure to perform and document these activities on a quarterly basis (within an 87-93 day timeframe) may hinder your ability to demonstrate PCI DSS adherence, potentially leading to a non-compliant or failing Report on Compliance (RoC).

One of the common challenges many organisations face is ensuring consistent compliance throughout each quarter.  The need to balance a strict compliance schedule with daily operational demands and unforeseen disruptions can often result in missed compliance tasks.  To address this, URM provides quarterly compliance reviews designed to confirm that all required activities are completed, evidence is properly documented, and necessary scans are successful and compliant, as well as discussing any developments that may impact your compliance with the Standard.

We wanted to thank our QSA for his continued assistance with our PCI audit. It was a pleasure to meet and work with him over the course of the audit and we look forward to seeing him again when the next one comes around.
Charity

URM’s Quarterly Compliance Review Service

URM’s quarterly compliance reviews are scheduled to start at the commencement of your compliance period and take place during each of the 4 quarters.  One of our experienced QSAs will initially work with you to identify the periodic activities essential for your compliance, with a particular focus on those that depend on manual processes.  In our experience, these are often the most susceptible to being overlooked.

Once the programme of activities is established, our QSA will schedule quarterly reviews to review and discuss any challenges and developments that may impact your PCI DSS compliance.  They will seek evidence that the periodic activities have been completed successfully.  Where required and as an additional service, our QSAs can also provide assistance and feedback to help you complete any missing tasks.

Examples of activities that URM will cover during the quarterly reviews include:

  • Verifying that internal and external vulnerability scans are completed and meet passing criteria
  • Ensuring that internal and external penetration tests are completed and deemed successful
  • Confirming that required manual processes have been carried out, such as:
    • Reviewing firewall configurations
    • Ensuring prompt response to security incidents
    • Checking that patches have been applied on time when manual patching is used
    • Verifying that all staff have completed mandatory training
    • Ensuring that change tickets are properly filed and completed for all relevant changes
    • Reviewing the scope as required
    • Assessing any targeted risk analyses.

Details of Review Service

At the start of the compliance calendar, a kick-off call is arranged to agree the approach and plan when reviews will take place, providing sufficient time for activities to be remediated if required, within the defined quarter.

URM offers two basic options as part of the quarterly review service:

  1. One day a year (spread over 4 quarters) – quarterly compliance check to ensure activities have been conducted, discuss any challenges/ developments that may impact your compliance, and ensure appropriate evidence is available
  2. Two days a year (spread over 4 quarters) – as above; however, where compliance gaps are identified during the quarterly review, additional time will be used to validate that those gaps have been appropriately remediated.

URM’s service is tailored to work within your compliance calendar and to address your PCI DSS requirements.  It is an expedient, efficient service designed to ensure some of the common pitfalls and omissions are avoided, and can be delivered entirely remotely.

After a bad experience with a previous provider, we looked to URM for QSA support. The URM QSA we have worked with is phenomenal, and considerably better than our previous QSAs. My team enjoy working with him, and find him to be extremely credible and effective.
UK-based university
PCI DSS projects often become complex before they need to be

A short, free, non‑commitment call can help you confirm scope, understand technical and compliance expectations, and take a proportionate approach to testing, implementation, and assessment. Getting this right early can save both time and operational effort.

Speak to our PCI DSS specialists today

Get in touch

A short, free, non‑commitment call can help you confirm scope, understand technical and compliance expectations, and take a proportionate approach to testing, implementation, and assessment. Getting this right early can save both time and operational effort.
Speak to our PCI DSS specialists today.

Please note, we can only process business email addresses.

Why URM?

Track record and experience

URM has a team of expert consultants across multiple security disciplines who are all highly experienced in assisting organisations to achieve PCI DSS compliance. Our consultants have worked with hundreds of different companies across a wide range of industries, including local government, entertainment, retail, hospitality, IT services, charities, and many more. They also have experience of working with companies of various sizes, ranging from self-employed individuals to multi-national corporations.  So, whatever your PCI DSS needs are, URM will be able to provide a QSA who understands your organisation and can offer the best advice and guidance to help you achieve compliance.

Pragmatic Approach

All of URMs QSAs pride themselves on their pragmatic approach to both compliance and assessments and will work with you to find the most appropriate and sensible way for you to meet the requirements of the PCI DSS.

URM's diligence during these audits has resulted in the business as a whole pulling together to collectively ensure that we up to par with the requirements. While our working relationship with URM’s consultant is fantastic, we are held to account for every bullet point of every requirement on every audit, which is precisely what we expect.
Payment technology provider
Information Security FAQISO 27001 FAQ
Our URM QSA always consults with the aim of making compliance as straightforward as possible, and pointed us towards a way of significantly minimising and streamlining our assessment scope that neither we nor our previous PCI DSS consultancy provider had considered.
UK-based university

How Organisations Fall Into PCI DSS Scope Without Realising It

Published On
26/6/2026

URM’s blog explains how organisations can unintentionally and without realising fall into scope of the PCI DSS, despite not directly handling card data.

Read more
Thumbnail of the Blog Illustration
Information Security
Published On
23/3/2026
Continuous Compliance With the PCI DSS

URM’s blog outlines how continuous compliance fits into PCI DSS, and explores practical ways to integrate requirements into business-as-usual (BAU) operations.

Read more
Thumbnail of the Blog Illustration
Information Security
Published On
24/4/2025
Quantum Computing – the Risks to Encryption and the Implications for PCI DSS

URM’s blog explains the threat quantum computing poses to current encryption methods, how this may impact the PCI DSS, and how these challenges may be overcome.

Read more
Thumbnail of the Blog Illustration
Information Security
Published On
10/3/2025
PCI SSC Announces Changes to the SAQ A

URM’s blog explains the recent update to PCI DSS SAQ-A that has resulted in the removal of 2 new v4 requirements & the addition of new eligibility criteria.

Read more
"
Rather than having to coordinate with multiple providers for different standards or services, we can rely on a single, trusted partner for consistent support and expertise.
contact US

Let us help you

Let us help you in your compliance journey by completing the form and letting us know how we can best support you.