QSA company recommendations to provide PCI compliance auditing services

pcave's picture


I'm looking to see if anyone has any recommendations for qualified security assessor companies to perform a PCI audit for a hosting infrastructure and Drupal application. The PCI security council lists 321 such companies so I'd like to narrow it down to a few that folks have had a good experience with so I can get some quotes.

Thanks in advance.



I have not used them as a

greggles's picture

I have not used them as a QSA, but I strongly recommend Applied Trust Engineering. I've hired them in another capacity and am consistently impressed with their work. In addition to being approved QSAs, they also know Drupal. Ned is one of the authors of Drupal PCI Compliance report.

Disclosure: I worked on a small contract for them about 3 years ago and Ned bought me lunch somewhere in that time frame.

Washington, DC Drupalers

Group organizers

Group events

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds:

Hot content this week