Claranet Limited

PCI DSS Consultancy Services - QSA Assessor

Claranet's PCI QSA services are designed to help organisations of all sizes and at all stages of their PCI DSS journey with this often complex and difficult data security standard.
SAQ & RoC consultancy includes investigation, scope reduction, gap analysis, assessment, and validation.

Features

• Identify and define the PCI Cardholder Data Environment (CDE)
• Provide PCI CDE de-scoping strategies to limit assessment activities
• Accurately identify applicable Self-Assessment Questionnaires (SAQs)
• Provide PCI DSS Gap Analysis identifying requirements not adequately met
• Provide professional expertise on projects with PCI DSS implications
• Dedicated onsite QSA resource providing PCI DSS assistance
• PCI Credits offering ad-hoc PCI DSS support queries
• Provide assisted SAQ submissions countersigned by the QSA
• Provide Report on Compliance (ROC) assessments
• Preparation of correct documentation sets for PCI DSS

Benefits

• Reduces PCI DSS scope thereby reducing costs and complexity
• Reduces compliance burden of maintaining PCI DSS
• Minimise the risks associated with taking card payments
• Minimise the chances of a card data compromises
• Ensure that your organisation meets its PCI DSS obligations correctly
• Minimise PCI DSS scoping implications when making environmental changes
• Understand & document in detail data flows and payment channels
• Supplement your team with experienced Qualified Security Assessors

£1,000 to £1,500 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UK-bidteam@claranet.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

818429927658151

Contact

Claranet UK Bid Team
020 7685 8000
UK-bidteam@claranet.com

Planning

• Planning service: Yes
• How the planning service works: Claranet's experienced consultants assist organisations with solution designs and security architecture to help simplify the complexities regarding PCI DSS scoping and segmentation to ensure any de-scoping strategies that are implemented achieve the required outcome. Often, de-scoping strategies fall short of adequately isolating system components which has a significant cost and compliance impact upon an organisation, especially if the re-design work has already been implemented.
• Planning service works with specific services: No

Training

• Training service provided: Yes
• How the training service works: Claranet can provide PCI DSS knowledge transfers to businesses to help employees better navigate this data security standard.; Stakeholders learn during engagements from our structured, organised approach.; Specific PCI DSS training material is currently in development.; Advice around security testing to meet PCI DSS requirements is available through regular seminar sessions delivered UK-wide.
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: With Claranet's PCI DSS QSA services, clients can receive a quality assurance against any proposed solutions impacting upon the business' cardholder data environment. Additionally, QSAs can help to validate any proposed solutions that are intended to de-scope elements of the cardholder data environment, verifying that the solution will achieve what it is intended to.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security audit services
  • Other
• Other security services:
  • ISO27001 Auditing
  • Cybersecurity training
• Certified security testers: Yes
• Security testing certifications:
  • CHECK
  • CREST
  • Tigerscheme
  • Other
• Other security testing certifications: OSCP

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: Currently, Claranet QSA services can only be conducted within EMEA, however please do let us know if you have a requirement outside of EMEA as we may look to add that specific region.; The nature of PCI DSS consultancy requires the service to be delivered during standard work hours (9am-5pm, Monday to Friday).; Where activities need to be undertaken outside of these hours, the requirement should be discussed so that appropriate arrangements and additional charges can be made.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Claranet provides a service called PCI Credits which is primarily provided via email on a bulk-buy, call-off basis. Responses are usually within 2-3 working days as this service isn't designed for business critical queries.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: For PCI Credits, Claranet works towards a 2-3 working day turnaround for most email enquiries.; Telephone advice is also often delivered, which is usually ad-hoc arranged via your Claranet Account Manager.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DAS
• ISO/IEC 27001 accreditation date: 06/06/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: 7Safe Limited
• PCI DSS accreditation date: 01/2019
• What the PCI DSS doesn’t cover: Our PCI-DSS only covers physical security requirements 1 to 8. 10 and 11 are not covered
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: ISO22301

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Sustainability is a core element of our CSR strategy. At Claranet, we recognise the significance of our environmental footprint, even if it’s small, and are dedicated to perpetual improvements in energy conservation and waste minimisation throughout our operations. Our Senior Management Team has defined environmental and energy policies with a structure for setting and revising environmental objectives and goals.; • Our approach to environmental management includes:; • Committing to lessen our environmental impact.; • Integrating environmental performance and management into our business practice.; • Encouraging recycling and eco-awareness across our workforce, clientele, and suppliers.; • Reducing eco-toxic emissions from company vehicles.; • Reducing our energy use.; • Aligning with stakeholders to meet or excel in environmental standards.; • Adhering to applicable environmental laws and regulations.; • Conducting regular audits to measure and report on environmental metrics and establish goals.; Our energy management is focused on:; • Complying with legal standards for energy use.; • Implementing and, where possible, exceeding best practices for energy management.; • Allocating resources to meet our energy objectives and improve our management system continuously.; • Procuring energy-efficient solutions and services when feasible.; • Using data to monitor significant energy use and set targets for reducing consumption across the enterprise.; Our commitment to sustainability is reinforced by certifications such as ISO14001 for Environmental Management, ISO50001 for Energy Management, and the Cisco Environmental Sustainability Specialisation.; Aiming for net zero by 2050, we are proactively seeking ways to achieve this sooner. Our efforts are transparent, with an external Carbon Reduction Plan available upon request.

  Equal opportunity

  Offering the opportunity to advance our people’s professional development is one thing, however, ensuring that everyone, no matter who they are, has that opportunity is something that we pride ourselves on. Diversity and Inclusion is a highly regarded topic at Claranet and one that we strive to work towards. We are committed to driving diversity and inclusion in a measurable way. ; Our HR and Management teams are working closely on diversity and inclusion initiatives to support the reduction in the gap in pay between men and women. We have a group of employees who have volunteered themselves to work together the ensure some of the most meaningful diversity and inclusion dates throughout the calendar year are acknowledged and/or celebrated with the goal of ensuring all of our employees feel a sense of belonging at Claranet. We are a signatory with the Tech Talent Charter (TTC) who pride themselves on bringing organisations together to drive greater diversity and inclusion within the Technology sector. Not only does this support women getting into technology, but those from multi-ethnic and lower socio-economic backgrounds as well. We are excited to be a part of this movement and hope to contribute to making the UK technology sector truly inclusive. We are also one of the founding members of the Technology Community for Racial Equality (T4CRE). We are proud to support this organisation that is focused on promoting diversity, equity, and inclusion in the technology industry (https://tc4re.org/who-we-are/). ; Our recruitment strategy and policy also heavily supports this. The makeup of our Senior Management Team further evidences our commitment to inclusivity, as it continues to represent an equal split between men and women, which is essential to leading a diverse workforce and promoting equality.

  Wellbeing

  Claranet are passionate about people and fostering a healthy and nurturing work environment.; Our dedicated Wellbeing and Engagement team, work in partnership with external providers to deliver our health and wellbeing scheme: Health is Wealth. The scheme is comprised of talks led by professionals, access to exercise classes, discounted gym memberships and access to a fully trained Mental Health First Aiders team. Some of our notable events include, a Stress Awareness seminar, Disability Awareness talk delivered by Lee Spencer, Employee led activity to celebrate Neurodiversity Week, Women in technology celebrations, Happiness in the Workplace celebration week and Imposters Syndrome webinar. Our in-house team plan employee activity based on employee feedback and suggestions, enabling us to deliver a very diverse programme and support network within the workplace.; In conjunction with this we also provide all employees with access to the Employee Assistance Program (EAP). This facility provides an independent, confidential, and unlimited service available 24 hours a day, 365 days a year. It provides access to specialist professionals who offer advice on stress and anxiety as well as a range of other issues such as bereavement support, legal guidance, and health related issues.; Our employees also benefit from core and voluntary benefits including dental cover and private medical that covers pre-existing conditions with a range of options to cover partners or families. Voluntary Critical Illness Cover of up to £150,000 also gives our employees and their families financial and practical support at times of need.

Pricing

• Price: £1,000 to £1,500 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UK-bidteam@claranet.com. Tell them what format you need. It will help if you say what assistive technology you use.