Monday, July 16, 2007

Who is the enforcement arm for PCI? The new 3 letter agency?

I recently found out that QSAs are the enforcement folks in the PCI compliance arena. They need to sign off not only that they are a solid choice to audit you, but also that they'll be forced to blow the whistle if anything is amiss.

This got me thinking... Who else is offering a pre-audit who is not a QSA?

It's pretty clear what needs to be in place; it's also pretty clear when something is not; and it's very clear that you want to use a third party so that no cover-your-ass games take place in the ranks.

So are there any other ex-cop/private investigator/black ops types out there? You know what I mean, the guys who KNOW the system but aren't PART of the system...


Blogger Tabitha said...

Actually, not true at all. As a QSA you usually have NDAs in place that prohibit you from discussing anything about your clients (not with the bank, not with the card association, etc.). This means pre-audits, gap analyses, remediation, findings, etc. are completely confidential unless your client ASKS you to talk to an outside party.

8:04 PM  
