PCI Requirements Review: Sampling standard
...efore, and we used to have all kinds of fun in the assessment process with sampling. From the reader: Sampling methodology. The QSA has to validate that the sampled infrastructure is compliant with the requirements. However, time cost the client money which they don’t want to pay. They always go with the lowest price / proposal. How can the QSA convince the client that the sampling methodology used is aligned with the RoC reporting instructions? H...
Continue Reading