Regulatory Compliance, Governance and Security

Mar 24 2009   11:39PM GMT

12 PCI DSS Requirements | Lessons Learned from a PCI QSA

Profile: Charles Denyer

The 12 PCI DSS Requirements are lengthy and technical indeed. However, organizations need to truly understand the scope of a Payment Card Industry Data Security Standard (PCI DSS) assessment in order to gain insight into the efficiencies that can be had when undertaking one.

So, what are my lessons learned as a Qualified Security Assessor (QSA) who conducts PCI assessments?

First and foremost, the assessment is NOT always about technology. Sure, there is a host of requirements surrounding the “system components” of the “cardholder environment”, but look closer and you will find that developing documented policies and procedures is one of the most time-consuming and arduous processes of the entire assessment. You're kidding, you might say? Not at all; it’s amazing how much time and effort is needed to develop these documents for ensuring PCI compliance.

Add to this the fact that you need to properly “scope” the assessment across a number of parameters, and I would highly advise a PCI Readiness Assessment for any entity going through a Level 1 PCI engagement.

In short: properly scope the assessment for what is and is not included in the “cardholder environment”, conduct a PCI Readiness Assessment, and be mindful of the documented policies and procedures that must be in place for compliance.

To learn more about PCI, visit pciassessment.org
