Delap advisors can help you achieve your business goals. Learn How


Payment Card Industry (PCI) Compliance

We help you protect cardholder data, reduce business risk, and boost customer trust through PCI DSS compliance.

Delap provides merchants and service providers with Payment Card Industry Data Security Standard (PCI DSS) compliance and consulting services. Whether your organization needs a Level 1 PCI DSS assessment, Self-Assessment Questionnaire assistance, or a Qualified Security Assessor (QSA) to help you navigate toward PCI DSS compliance, Delap is here to help.

Not your average Qualified Security Assessor Company

At Delap, we don’t believe in checkbox compliance. Across our firm’s many years in the payment security industry, Delap has established itself as the premier Qualified Security Assessor Company for organizations that seek more from an assessment than just a signed Attestation of Compliance.

With Delap as your partner, you can build a PCI compliance program that prioritizes security above all, bringing you peace of mind and the confidence to concentrate on your core business.

Delap has 10 years of experience in PCI DSS compliance and long average client relationships.

Safeguard your business and customer data

Created in 2006 by the PCI Security Standards Council, PCI DSS mandates that organizations have adequate security measures in place to protect sensitive cardholder data from unauthorized access and use. Compliance helps you reduce the risk of data breaches, which can result in significant financial losses and reputation damage.

Navigating the maze of requirements for compliance with PCI standards can be challenging. As a PCI DSS Qualified Security Assessor Company, Delap can help your organization achieve and maintain PCI compliance.

Schedule a Call with a QSA Today

Merchants need to comply with the payment card industry data security standard (PCI DSS). Delap offers assessments with QSAs in Portland, Oregon

The Benefits of PCI DSS Compliance

  • Avoid fines due to non-compliance, ranging from $5,000 to $100,000 per month
  • Avoid higher credit card processing fees and a loss of banking relationships
  • Reduce the risk of a data security breach and payment card fraud
  • Avoid fines up to $500,000 per incident due to data breaches while non-compliant
  • Mature your internal information security and compliance programs
  • Increase trust, confidence, and loyalty with banks, customers, and other organizations
  • Improve your brand reputation and gain a competitive edge
Credit cards with lock shaped icon. Locked bank card secure payment card transaction protection Secure money payment online system sign, PCI DSS compliance graphic

Delap PCI DSS Compliance and Consulting Services

Level 1 PCI DSS Assessments

Delap QSAs perform an independent assessment of merchant and service provider cardholder data environments (CDEs). Assessments result in the compilation of formal compliance reporting documentation, including an independent Report on Compliance (ROC) and Attestation of Compliance (AOC).

Self-Assessment Questionnaire (SAQ) Assistance & Consulting

We help merchants and service providers who are required to complete an SAQ understand and interpret the data security requirements they are required to satisfy. Our QSAs can assist you through completing your SAQ and can offer guidance on resolving non-compliance.

Cardholder Data Environment (CDE) Scoping Advisory

Delap QSA consultants can help your organization define the boundaries of your CDE and determine which of your technologies, systems, people, and processes are in scope for PCI DSS requirements. The most effective way to ease the burden of DSS compliance is through scope reduction, and our QSAs can provide recommendations and strategies for minimizing the scope of your CDE.

PCI Compliance Remediation Advisory

Are you currently non-compliant? As a PCI compliance company, Delap will help guide you through the remediation process to resolve PCI DSS findings so you can bring your organization back into compliance effectively and efficiently.

Pre-Implementation Project Compliance Impact Analysis

Is your company implementing a new technology, application, or network architecture within your CDE? As a QSA company, Delap professionals can analyze the impact your project may have on your PCI compliance before it hits production.

Readiness & Gap Analysis

Our QSA consultants can assist organizations preparing for their initial PCI DSS assessment through readiness consulting services. We also offer limited-scope gap analysis engagements tailored to your organization’s needs and environments.


Delap QSAs are Multidisciplinary Information Security Specialists

The expertise of our QSAs extends well beyond PCI DSS compliance. As experts in cybersecurity, we not only know the security standards and technology but how the two relate to each other.

We have extensive experience working with a broad range of industries, technologies, payment channels, and cardholder data environments. Our expertise includes navigating DSS compliance across next-gen technologies such as cloud-hosted environments like Azure and AWS, virtualization, microservice architecture utilizing containers, virtual network devices, infrastructure as code, DevOps build and deployment pipelines, SD-WAN, and much more.

Close up image of debit and credit cards. Any merchant or service provider that stores, processes, or transmits cardholder data must comply with PCI DSS

The Delap Difference

Here’s what you can expect from the Delap team providing information security and PCI DSS compliance and consulting services in Portland, Oregon, and across the nation:

High-Quality Assessments

You can feel confident in the accuracy of your PCI audit. As a QSA company, Delap is qualified by the PCI Security Standards Council to validate an entity’s adherence to PCI DSS. And as a CPA firm, we abide by stringent quality control and attestation requirements. Our assessments and quality assurance procedures are conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants (AICPA).


Delap QSAs use a clear and concise evidence request status tracking process and precisely defined fieldwork itineraries, so you always know if your project is on track. You can expect efficient report turnaround timelines as well as real-time insight into the status of the evidence that has been requested, delivered, and reviewed.

Bespoke Service

From the beginning of the conversation to the end of your engagement, you interact directly with your QSA — there is no sales team, no hand-offs, no unreliable coordination. Our team is exclusively focused on your assessment, keeping you up to date and on schedule.

Personalized Price Quote

Delap QSAs don’t put you in a box with pre-defined service tiers or fee structures. The fee for every PCI DSS engagement is tailored to your entity’s unique environment scope and needs, maximizing the value of our service.

What our clients say

A Key Partner

“We needed to understand PCI compliance and achieve audit success. Delap helped us understand the requirements, our options, and the process. They were a key partner for us in meeting our compliance goals. Also, everyone there is super awesome and great to work with. Call me weird, but I looked forward to our audits because working with the team was so enjoyable.”

Anthony, Project Lead | Software Security Client

Who We Serve

We serve merchants and service providers of all sizes from Level 1 merchants with over 6 million transactions per year to smaller organizations completing SAQs, including:

  • Retail merchants, including grocery stores and wineries
  • E-commerce organizations
  • Hospitality and travel organizations
  • Gas stations and service centers
  • Financial institutions
  • Fin-tech
  • Call center agencies
  • Billing service providers
  • Merchant servicers
  • Logging and monitoring service providers
  • Software development companies
  • Manufacturing companies
Woman hand swiping credit card at gas pump station. Delap serves merchants and service providers with PCI DSS compliance services in Portland, Oregon

Meet Our QSAs and PCI DSS Experts

David Buchanan

David W. Buchanan

Partner, CISO | CPA | QSA |

Spencer Giles

Spencer Giles

IT Assurance Senior Manager | CISSP | QSA | QPA |

Schedule a Call with a Delap Qualified Security Assessor

Curious about our PCI DSS compliance and consulting services? Drop us a line — we’d love to chat with you!

Trailhead illustration with direction sign