Pci Policies And Procedures archives - Regulatory Compliance, Governance and Security


Apr 19 2009   10:29PM GMT

PCI DSS Self Assessment | Expert Advice for PCI Compliance



Posted by: Charles Denyer
pci dss self assessment, charles denyer, payment card industry qualified security assessor, pci qsa, pci policies and procedures

A PCI DSS Self Assessment is “technically” just that, a self-assessment you or your organization can undertake on your own. Great, you may be thinking, it’s just a few check the boxes and I’m done, right?

Not so fast. Many organizations that have to become PCI DSS compliant quickly run into a brick wall on the self-assessment activities because they simply lack the technical knowledge or have trouble locating the specific resources they need.

My advice: seek the counsel of a Payment Card Industry Qualified Security Assessor (PCI-QSA) to help you navigate the waters of PCI DSS Self Assessment compliance. A good PCI QSA should charge you a nominal, fair fee and will definitely give you the “pointers” you need to truly understand the pitfalls of a PCI DSS self assessment.

Keep this in mind with any PCI DSS self assessment: You need to understand certain technology and security requirements of your “cardholder environment” and you need to be able to develop policies and procedures for a number of measures.

Good luck and get compliant!

Mar 26 2009   1:11AM GMT

PCI DSS | Payment Card Industry Compliance | Tips on Preparing for a PCI DSS Assessment



Posted by: Charles Denyer
merchant, service provider, PCI DSS, pci qsa, charles denyer, pci policies and procedures, firewalls, routers, switches

Are you a merchant or service provider having to comply with the Payment Card Industry Data Security Standards v1.2, commonly known as PCI DSS? If so, take a page out of a QSA’s play book for helping you prepare for a PCI DSS assessment. While we as QSA’s often talk about and spend much time on I.T. security and network issues, such as firewalls, routers, switches, and other hardware/devices/and technology utilities, let me bring your attention to an often overlooked area. Policies and procedures. That’s right-at the heart of any successful PCI DSS assessment are the development of policies and procedures that are detailed, current, relevant, and represent an actual “representation” of your organization’s control environment. How important are they? Important enough that there is an entire section of the PCI DSS requirements, known as “Maintain an Information Security Policy” is dedicated to policies and procedures. What’s more, sprinkled throughout various other sections of the PCI DSS requirements are more calls for policies and procedures. Thus, its paramount that you tackle this arduous and time consuming task as soon as possible. Don’t have a good PP writer on board-then contract it out to a PCI QSA firm that has experience in developing policies and procedures for your organization.