Andrew Conry-Murray of Information Week writes:
Bottom line, PCI compliance is mutable. While a compliance certification is valid for one year, a retailer may perform actions, or fail to perform actions, that take it out of compliance. On the one hand, this is sensible. PCI rules are like the dietary guidelines a doctor issues to a patient. It’s not the physician’s fault if someone with through-the-roof cholesterol ignores advice and eats like Homer Simpson.
Could I have said it better? PCI? Program, not Project? Homer Simpson? I think not.
This is exactly why we created the PCI Program Management offering at VeriSign. It helps customers maintain compliance throughout the year, and gives management confidence that they are compliant every day, not just on the day the certification was issued.
Oh yeah, and don't forget: not all QSAs are created equal!