Protection Group International Limited

PCI-DSS QSA Consultancy

PGI's PCI DSS experts can support your PCI compliance journey by providing experienced Qualified Security Assessors (QSA) .

Our service is split in to four areas providing a turnkey solution for PCI-DSS compliance. The four areas are: Compliance Advice, Gap Analysis, Testing and Maintenance, PCI Reporting

Features

• Compliance scope validation and scope reduction review
• Advice on best practice solutions
• Information risk assessments
• PCI DSS Awareness and Training
• Gap analysis between your organisation and the Standard
• Document creation (policies and procedures) where required
• Internal vulnerability assessment and all aspects of penetration testing
• Report completion (SAQ, ROC and AOC)
• Assistance throughout the compliance journey and beyond
• Quarterly compliance reviews

Benefits

• Assistance from experienced and knowledgeable PCI DSS accredited practitioners
• Understand your compliance scope and requirements
• Prioritise outstanding activities through gap analysis and risk assessments
• Rationalise and improve your cardholder data environment security posture
• Proactively achieve and maintain compliance through our range of services
• Compliance reports signed by a QSA authority

£975 to £1,500 an instance a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@pgitl.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

725845199131888

Contact

Mike Tipson
020 4566 6600
bidteam@pgitl.com

Planning

• Planning service: Yes
• How the planning service works: PGI's experts would work closely with you to understand your requirements, then develop a programme that meets your organisation's needs in an appropriate timescale.
• Planning service works with specific services: No

Training

• Training service provided: Yes
• How the training service works: PGI’s Information Assurance Team can deliver expert training and coaching relating to applicable policies and processes to staff responsible for PCI related services within your organisation. Our experienced team includes qualified QSAs who will be able to provide real-life scenarios to illustrate requirements, providing pragmatic advice and guidance based on significant experience working with and in many organisations and sectors including government, corporate, charity and small-to-medium enterprises.
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: PGI's experts would work with you to understand your requirements and to help you determine the most appropriate location for the services required. These could be hosted on premise or elsewhere, and PGI will work with the client to ensure that all appropriate security measures are considered.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: In a similar manner to Business Continuity and Incident Response testing, PGI would work with you to test and refine the various processes related to PCI DSS, including testing of technical solutions. ; ; This will give you confidence that your procedures are practical, fit for purpose, and that your workforce know what is expected of them.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
• Certified security testers: Yes
• Security testing certifications:
  • CREST
  • Other
• Other security testing certifications:
  • PCI QSA
  • Certificate in Information Security Management Principles
  • Certified Information Security Manager
  • Certified Information Systems Security Professional
  • ISO 27001 Certified ISMS Lead Auditor
  • CDCAT Practitioner
  • ITIL Certificate in IT Service Management
  • General Data Protection Regulation (GDPR) Practitioner
  • CompTIA Network+ & Security+

Ongoing support

• Ongoing support service: Yes
• Types of service supported: Hosting or software provided by a third-party organisation
• How the support service works: PGI offers ‘QSA as a Service’ and the ‘Quarterly compliance reviews’ service to ensure ongoing and continuous improvement.

Service scope

• Service constraints: PGI have no constraints on the services we provide. Work can be carried out on site or remotely, depending on client requirements.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Responses will normally be within one working day, unless in the middle of an incident / project when response times will usually be quicker. Weekend response times may be different, depending on contractual requirements.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: Support levels would be agreed on a project by project basis. Cost for support will be determined based on client requirements. Typically each client will be assigned a lead contact, who may be one of PGI's consultants or may be part of the sales team. This will depend on the nature of the project being undertaken.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 28/04/2022
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: CREST

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  PGI is an equal opportunity employer, with a strong focus on Diversity, Equity and Inclusion.

  Wellbeing

  PGI provides staff with support across mental and physical health.

Pricing

• Price: £975 to £1,500 an instance a day
• Discount for educational organisations: Yes

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@pgitl.com. Tell them what format you need. It will help if you say what assistive technology you use.