The Softest Light, by chaps1

Bill Brenner of CIO magazine published a feature article on Wednesday entitled “4 Ways to Get the Most From Your PCI QSAs” where he picks four main things to focus on when using the services of a QSA.  VeriSign published a whitepaper last year reviewing several items to consider when shopping for a QSA, all of which tied back to Brenner’s recommendations.

Brenner asserts that the four ways to get more from your QSA are:

  1. Choose your vendor wisely. PCI compliance is probably an important project to your organization, so be sure you find a QSA that will make your project successful.  Don’t hastily throw a solution together; treat it like the strategic project it is (and then treat it like the program it should be once you meet compliance).
  2. Lay the groundwork. Don’t go into assessments wondering if you will pass.  KNOW the outcome before you start!  That means pre-assess!
  3. Give the QSA access to key players. Many times I have been on engagements where the wrong people are presented for interview.  Either they are too junior, they are the FNG, or even the wrong department.  Giving access to key players saves both your time and money.
  4. Don’t treat the QSA like an enemy! This one is the MOST important of the four.  Your relationship with your QSA should be a partnership.  If you treat your QSA like an auditor, you are only doing harm to yourself.

Go check out his article and the VeriSign whitepaper!

This post originally appeared on
