The Drummond Group


Payment Application Compliance Solutions for Over a Decade by Senior PA-QSAs

Payment applications that store, process, or transmit cardholder data as part of authorization or settlement, and are sold, distributed, or licensed to third parties require Payment Application Qualified Security Assessor (PA-QSA) assessment to validate compliance with the Payment Card Industry (PCI) Payment Application Data Security Standard (PA-DSS). As a PA-QSA, Drummond Group offers software vendors Gap Analysis, change impact analysis, and consultation services, in addition to PA-DSS assessments.

Service Types


For those payment application vendors who seek a quality PA-DSS assessment experience, Fortrex PA-QSAs understand that each payment application is unique, requiring expert analysis and understanding. Fortrex PA-QSAs take the time to understand your business requirements and your software’s cardholder data storage, processing, and transmission processes. Developed and defined based on years of experience and repeated success in delivering results, Fortrex PA-DSS assessment processes provide payment application vendors with practical and actual compliance solutions, collaborative solution development, and future forward strategies to maintain and strengthen ongoing compliance management.

Gap Analysis

For those clients who require better understanding of the impact of PA-DSS compliance requirements and assessment processes, Fortrex offers PA-QSA guided gap analysis services. Ensure your assessment readiness with a customized reporting of prioritized remediation needs that carefully address your compliance goals and business needs. The Fortrex gap analysis report further provides actionable findings presented in an easily understandable summary with supporting detail documented for each PA-DSS requirement to guide client compliance efforts.

Change Impact Analysis

Made changes to your payment application software? It’s time to complete a change impact analysis! Working with Fortrex PA-QSAs, your changes will be carefully considered in alignment with PA-DSS Program Guide requirements so as to help ensure ease of Security Standards Council (SSC) review and listing updates.


Thinking about upgrades to your payment application software architecture and wishing to avoid re-assessment? Looking to reduce scope of assessment? Then, Fortrex PA-QSA consultation services may be right for you. Our industry expert PA-QSAs listen to the challenges which your organization faces, offer customized consultations and provide quality guidance. Don’t let mistaken assumptions impact your next assessment!

Speak with an assessment advisor today!

Contact Us