End of the line, by lrargerich
QSAs are human, and humans make mistakes. Over the last several posts we have discussed seven deadly sins committed by QSAs, shown examples of what those mistakes look like, and given you guidance for how to avoid them or navigate your way through them if you find yourself in the middle of one. If you must comply with PCI DSS, one of the best investments you can make in your people is to put them through the same training QSAs go through and have them certified as Internal Security Assessors (ISAs). This way, you will have an additional check to know if a QSA is making one of these (or other) mistakes and have a chance at catching them before they derail the entire PCI DSS assessment process.
Though not all problems are caused by QSAs (merchants and service providers are just as guilty of making mistakes), hopefully the tips presented here will benefit you in your quest to become PCI compliant and your charge to maintain PCI compliance.
Click here to download this series as an article!
Possibly Related Posts:
- PCI DSS 4.0 Released plus BOOK DETAILS!
- PCI Council Loses $600K in Revenue, PO Population on the Decline
- Why PCI DSS 4.0 Needs to be a Complete Rewrite
- Orfei Steps Down
- Should you be a PCI Participating Organization?