The Qualified Security Assessor (QSA) a Merchant chooses will dramatically affect how the Merchant achieves compliance.
In simple terms, the right advice and guidance save time and money whilst reducing risk and achieving compliance. The wrong advice or guidance could prove extremely costly.
SANS: “The independent white paper in this security KnowledgeVault is just one of the resources to help you make the right decision. It details the top 5 questions to ask a prospective QSA firm and offers guidelines on everything from making sure they adequately handle compensating controls to assessing their expertise with virtualization”.
The 5 questions are:
- For what types of organizations have you performed PCI DSS assessments?
- What is your background?
- Who will be performing the work?
- How do you validate and assess compensating controls?
- Are there examples of your assessments being used to improve security for clients?
Reading the white paper and asking these questions could prove vital to the successful completion of a PCI DSS project.
Download the white paper here. Registration is required.
Source: Dell and SANS