Pci Dss Readiness Assessment archives - Regulatory Compliance, Governance and Security

Regulatory Compliance, Governance and Security:

pci dss readiness assessment

Nov 17 2009   7:42PM GMT

PCI DSS Readiness Assessments | Hire a Qualified Security Assessor (QSA)



Posted by: Charles Denyer
pci dss readiness assessment, qualified security assessor, merchants, service providers, qsa, charles denyer, pci dss compliance

PCI DSS compliance can be an arduous undertaking for many service providers and merchants in today’s business arena. Add to the fact the many organizations are unsure of the roadmap for PCI DSS compliance, it makes sense to hire a Qualified Security Assessor (QSA) in helping you conduct a PCI DSS Readiness Assessment.

The most important findings and deliverables out of a PCI DSS Readiness Assessment are that your organization will truly understand what the scope of the assessment process is, that is, what systems, processes, and activities are to be included.

Secondly, your organization will also have identified what gaps or weaknesses are currently in place that will need to be corrected before you can even plausibly think of becoming PCI DSS compliant.

Additionally, a host of other helpful information can be provided by a Qualified Security Assessor when undertaking a PCI DSS Readiness Assessment. To learn more about PCI compliance, visit the official PCI DSS Resource Guide.

Sep 28 2009   12:35AM GMT

PCI DSS and Data Centers | Tips for Compliance



Posted by: Charles Denyer
pciassessment.org, qsa, PCI DSS, data centers, pci dss readiness assessment, penetration testing, quarterly scanning, two factor authentication

Payment Card Industry Data Security Standards (PCI DSS) compliance for data centers is here to stay, thus your facility should be prepared to undergo the PCI DSS assessment in a cost-effective and efficient manner. Here are some tips for PCI DSS compliance for data centers.

1. PCI DSS compliance is NOT just limited to Appendix A of the PCI DSS requirements.
2. Conduct a PCI DSS Readiness Assessment for truly understanding the scope of the engagement for compliance.
3. Make sure you have policy and procedural documentation in place as this is a very large and time consuming effort for any organization, especially data centers.
4. Understand the requirements for quarterly scanning and penetration testing and what is in scope for the PCI DSS assessment.
5. Correctly SCOPE the assessment. This sounds like an easy process, but it can become quite complex with all the products and services (managed services) that data centers offer for businesses today.
6. Understand the initial “roadblocks” which many service providers run into, such as having to implement two-factor authentication for remote access into the production environment along with having password requirements for all system components that fall within the scope of the actual PCI DSS assessment. (These are just two of the many roadblocks that organizations encounter).
7. Find a competent, well-qualified QSA to assist with all your compliance needs.

Visit the official PCI DSS Resource Guide to learn about PCI DSS compliance.