Regulatory Compliance, Governance and Security:

PCI DSS


June 16, 2009  11:40 AM

PCI DSS Requirements for Service Providers | Expert Advice from a QSA



Posted by: Charles Denyer
amex, charles denyer, data centers, Discover Card, ISO, jcb, managed service providers, mastercard, payment card industry data security standards (PCI DSS), payment gateways, PCI DSS, pci dss compliance, pci qsa, qualified security assessor, service providers payment card compliance, transaction processors, visa, web hosting providers

PCI DSS compliance is becoming a requirement for many service providers involved in the processing, storage, transmission, and switching of transaction data and cardholder data. In short, a service provider, for purposes of Payment Card Industry Data...

June 16, 2009  2:35 AM

SAS 70 Audits and PCI DSS | Yes, There is a Big Difference



Posted by: Charles Denyer
assessments, audits, charles denyer, cpa firm, payment card industry data security standards, PCI DSS, PCI DSS Level 1 compliance, report on compliance, ROC, sas 70 type ii audit

SAS 70 audits, especially Type II reports, and PCI DSS Level 1 Report on Compliance (ROC) assessments are dominating today's regulatory compliance arena. Painfully, as a SAS 70 auditor and a PCI DSS assessor, I keep hearing people talk about these two compliance initiatives as if they are one in...


May 31, 2009  3:33 PM

Policies and Procedures | SAS 70 | PCI DSS | An Auditor’s Viewpoint



Posted by: Charles Denyer
Add new tag, change management, charles denyer, Maintain an Information Security Policy, PCI DSS, policies and procedures, requirement 12, SAS 70 Type I, sas 70 type ii

Policies and Procedures: it's such a common theme and phrase in today's regulatory compliance and governance arena, so much so, I think it should have its own Wikipedia page. It can be an arduous undertaking in developing these documents. Furthermore, policies and procedures are becoming...


May 26, 2009  6:22 PM

PCI DSS Level 1 Compliance | Helpful Tips from a PCI QSA



Posted by: Charles Denyer
charles denyer, payment card industry data security standards, PCI DSS, PCI DSS Level 1 compliance, pci qsa, pciassessment.org, policies and procedures, requirement 12

Payment Card Industry Data Security Standards (PCI DSS) Level 1 compliance can be a very arduous, time-consuming and costly undertaking for any organization. However, there are a number of proactive steps that should be put in place for helping ensure an...


May 9, 2009  9:49 PM

PCI DSS Self Assessment Questionnaire | Easier Said Than Done



Posted by: Charles Denyer
charles denyer, payment card industry data security standards, PCI DSS, PCI DSS Self Assessment Questionnaire, pciassessment.org, qualified security assessor

PCI DSS Self Assessment questionnaires are used for the large and growing number of merchants who must comply with the Payment Card Industry Data Security Standards (PCI DSS). In short, compliance can be obtained by conducting a "Self Assessment". What's important to note, however, is that there...


April 20, 2009  1:03 PM

Payment Card Industry Data Security Standard | Learn about PCI DSS



Posted by: Charles Denyer
american express, amex, charles denyer, discover, jcb, mastercard, merchants, Payment Card Industry Data Security Standard, PCI DSS, pci dss self assessment, pci ssc, service providers, visa

The Payment Card Industry Data Security Standard, commonly known as PCI DSS, is a far reaching compliance initiative put forth in a collaborative fashion by the major payment brands (VISA, MasterCard, American Express, Discover, and JCB). These compliance initiatives are overseen and guided by the...


March 27, 2009  10:15 PM

PCI DSS Transaction Levels | VISA Requirements for Merchants



Posted by: Charles Denyer
charles denyer, payment card industry data security standards (PCI DSS), PCI DSS, pci dss transaction levels, pci qsa, qualified security assessor (QSA), visa, visa level 1

PCI DSS transaction levels for merchants are used to identify what "Level" an organization would fall into for PCI DSS compliance. Level 1: Any merchant, regardless of acceptance...


March 26, 2009  1:34 PM

Compliance with PCI DSS | Expert Advice from a PCI QSA



Posted by: Charles Denyer
charles denyer, compliance with pci dss, merchants, payment card industry, PCI DSS, pci dss self assessment, qsa, qualified security assessor, service providers

Compliance with PCI DSS can be daunting and a challenge indeed. However, simply breaking down the PCI DSS requirements and looking at them in a thoughtful manner will help alleviate your concerns. As a Payment Card Industry Qualified Security Assessor (PCI...


March 26, 2009  1:11 AM

PCI DSS | Payment Card Industry Compliance | Tips on Preparing for a PCI DSS Assessment



Posted by: Charles Denyer
charles denyer, firewalls, merchant, PCI DSS, pci policies and procedures, pci qsa, routers, service provider, switches

Are you a merchant or service provider having to comply with the Payment Card Industry Data Security Standards v1.2, commonly known as PCI DSS? If so, take a page out of a QSA's playbook for helping you prepare for a PCI DSS assessment. While we as QSAs...


March 24, 2009  11:49 PM

What is Required for PCI Assessment? | PCI DSS Q and A



Posted by: Charles Denyer
Build and Maintain a Secure Network, charles denyer, Implement Strong Access Control Measures, Maintain an Information Security Policy, PCI DSS, Protect Cardholder Data, qualified security assessor (QSA), Regularly Monitor and Test Networks, requirement 12, What is Required for PCI Assessment?

What is required for PCI assessment compliance? This is a question I'm often asked, especially by organizations that need to comply with Level 1 of the PCI DSS standards, which is an on-site assessment conducted by a Qualified Security Assessor (QSA), such as myself. Well,

