Regulatory Compliance, Governance and Security

Mar 26 2009   1:11AM GMT

PCI DSS | Payment Card Industry Compliance | Tips on Preparing for a PCI DSS Assessment



Posted by: Charles Denyer
Tags:
charles denyer
firewalls
merchant
PCI DSS
pci policies and procedures
pci qsa
routers
service provider
switches

Are you a merchant or service provider having to comply with the Payment Card Industry Data Security Standards v1.2, commonly known as PCI DSS? If so, take a page out of a QSA’s play book for helping you prepare for a PCI DSS assessment. While we as QSA’s often talk about and spend much time on I.T. security and network issues, such as firewalls, routers, switches, and other hardware/devices/and technology utilities, let me bring your attention to an often overlooked area. Policies and procedures. That’s right-at the heart of any successful PCI DSS assessment are the development of policies and procedures that are detailed, current, relevant, and represent an actual “representation” of your organization’s control environment. How important are they? Important enough that there is an entire section of the PCI DSS requirements, known as “Maintain an Information Security Policy” is dedicated to policies and procedures. What’s more, sprinkled throughout various other sections of the PCI DSS requirements are more calls for policies and procedures. Thus, its paramount that you tackle this arduous and time consuming task as soon as possible. Don’t have a good PP writer on board-then contract it out to a PCI QSA firm that has experience in developing policies and procedures for your organization.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: