PCI: Data security assessors and auditors now will need to meet own minimum requirements

WAKEFIELD, Mass. — Qualified security assessors and approved scanning vendors who profit from the Payment Card Industry group’s stringent Data Security Standards for restaurateurs and merchants now must meet minimum requirements of their own, the PCI’s Security Standards Council said.

“Feedback from the council’s participating organizations and others made it clear that the assessment process for the PCI standards would benefit greatly from more rigorous guidelines,” said Bob Russo, the council’s general manager. “As a result, we created a clear-cut program that will help ensure all those involved in this process are consistent, credible, competent and ethical.”

Some restaurant companies have complained that acquiring PCI DSS certification was time-consuming because of vague guidelines or moving-target-like requirements. They said the process also can be costly, with a contributing factor being the required use of third-party qualified security assessors, or QSAs, and approved scanning vendors, or ASVs.

Council representatives said participation in the quality assurance program will be mandatory for QSAs and ASVs who want to register with that body for authorization to conduct PCI assessments.

The quality assurance program is based on eight principles. The creators said that through the program, the council and assessor community commit to upholding the best interests of the assessor client; maintaining consistent assessor procedures and reporting; interpreting the PCI standards appropriately as applicable to the client’s systems and environment; and remaining current with industry trends and council updates.

Security Standards Council sources said the program would be rolled out in four stages throughout 2009. To interact with assessors, merchants and service providers, they said, the council would employ certification reviews, credit checks, training, educational webinars, newsletters, a dedicated e-mail service, question-and-answer documents, informational supplements and feedback forms.

More information is available online at https://www.pcisecuritystandards.org.
