PCI SSC launches quality assurance programs for QSAs and ASVs
The new quality assurance program is based on eight guiding principles. Through the program, the Council and assessor community commit to:
Uphold the best interest of the assessor client
Adhere to validation requirements among the assessor company
Adhere to validation requirements among the assessor employee
Maintain consistent assessor procedures and reporting
Interpret the PCI standards appropriately as applicable to the client’s systems & environment
Remain current with industry trends and PCI SSC updates in the assessor community
Report all opinions as factual, documented and defendable, and
Maintain a positive relationship between the assessor and PCI SSC.
The program will continue to be rolled out in a four-stage process throughout 2009.
For More Information:
More information on the PCI Security Standards Council and becoming a participating organization please visit www.pcisecuritystandards.org , or contact the PCI Security Standards Council at participation@pcisecuritystandards.org.
About the PCI Security Standards Council: The mission of the PCI Security Standards Council is to enhance payment account security by driving education and awareness of the PCI Data Security Standard and other standards that increase payment data security. The PCI Security Standards Council was formed by the major payment card brands American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. to provide a transparent forum in which all stakeholders can provide input into the ongoing development, enhancement and dissemination of the PCI Data Security Standard (DSS), PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS). Merchants, banks, processors and other vendors are encouraged to join as participating organizations.
Wakefield, Mass., Nov. 17, 2008 -- The PCI Security Standards Council (PCI SSC), a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS), announces that it has launched a quality assurance program for Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs).
The new program was designed to provide QSAs and ASVs with a set of requirements that helps ensure they provide consistent, quality validation and assessment services to merchants and service providers.
The PCI SSC developed the quality assurance program as a direct result of feedback from the Council’s participating organizations and assessment community and is intended to promote consistent interpretation of the PCI standards and ensure quality is maintained among all vendors.
Participation in the program will be required for the Council’s registered QSAs and ASVs, in order for them to retain the ability to conduct PCI assessments.
The new program was designed to provide QSAs and ASVs with a set of requirements that helps ensure they provide consistent, quality validation and assessment services to merchants and service providers.
The PCI SSC developed the quality assurance program as a direct result of feedback from the Council’s participating organizations and assessment community and is intended to promote consistent interpretation of the PCI standards and ensure quality is maintained among all vendors.
Participation in the program will be required for the Council’s registered QSAs and ASVs, in order for them to retain the ability to conduct PCI assessments.
“Feedback from the Council’s participating organizations and others made it clear that the assessment process for the PCI standards would benefit greatly from more rigorous guidelines,” said Bob Russo, general manager, PCI Security Standards Council. “As a result, we created a clear-cut program that will help ensure all those involved in this process are consistent, credible, competent and ethical.”
The new quality assurance program is based on eight guiding principles. Through the program, the Council and assessor community commit to:
Uphold the best interest of the assessor client
Adhere to validation requirements among the assessor company
Adhere to validation requirements among the assessor employee
Maintain consistent assessor procedures and reporting
Interpret the PCI standards appropriately as applicable to the client’s systems & environment
Remain current with industry trends and PCI SSC updates in the assessor community
Report all opinions as factual, documented and defendable, and
Maintain a positive relationship between the assessor and PCI SSC.
An expanded range of communications channels will allow the PCI SSC to interact with assessors, merchants and service providers on an ongoing basis through certification reviews, credit checks, training, educational webinars, newsletters, a dedicated e-mail service, question and answer documents, informational supplements and feedback forms. A team of dedicated staff will validate assessor application and renewals, ensure that training is relevant and accessible to organizations and maintain the integrity of the testing process. This team also will be responsible for assessor performance monitoring and overseeing any necessary disciplinary action, which could include probation or revocation.
The program will continue to be rolled out in a four-stage process throughout 2009.
For More Information:
More information on the PCI Security Standards Council and becoming a participating organization please visit www.pcisecuritystandards.org , or contact the PCI Security Standards Council at participation@pcisecuritystandards.org.
About the PCI Security Standards Council: The mission of the PCI Security Standards Council is to enhance payment account security by driving education and awareness of the PCI Data Security Standard and other standards that increase payment data security. The PCI Security Standards Council was formed by the major payment card brands American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. to provide a transparent forum in which all stakeholders can provide input into the ongoing development, enhancement and dissemination of the PCI Data Security Standard (DSS), PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS). Merchants, banks, processors and other vendors are encouraged to join as participating organizations.