17 Nov 2008
The Payment Card Industry Security Standards Council (PCI SSC) today announced a new programme designed to improve consistency among qualified security assessors tasked with determining the compliance status of organisations affected by PCI.
The initiative will give Qualified Security Assessors and Approved Scanning Vendors a set of requirements to comply with if they want to retain the ability to conduct PCI assessments.
Bob Russo, general manager of the PCI SSC, explained that the programme will complement the current training and the strict application vetting process.
"This is the next evolutionary cycle, and we wanted to take things a bit further by looking at the reports [the assessors generate]," he said. "This quality assurance programme is because there are now so many assessors out there, not because we've had any complaints about them."
The organisations which perform the majority of PCI assessments will be assessed every year, while those which are less prolific will go through the cycle every two or three years, unless a complaint is lodged against them. In this case they will jump to the head of the queue, said Russo.
PCI qualified security assessors
I welcome the news that the PCI Security Standards Council has announced a quality assurance program for qualified security assessors. Determining the appropriate scope is one of the most difficult components of the PCI compliance exercise. A multitude of end point devices, virtualisation, and other technologies can sometimes create more questions than they answer, which is why auditing the auditors for consistency - especially as it relates to scoping - is a very good thing. There is now a growing acceptance of the importance of PCI compliance within the industry. Indeed, companies can spend months creating a detailed audit trail to provide evidence to PCI assessors that all policies and procedures have been diligently followed. The introduction of more rigorous guidelines in the latest release of PCI DSS in version 1.2 will now ensure that assessments are consistent across the industry and should ultimately help more companies to achieve and maintain compliance.
Yours sincerely
Robert Kidd
General Manager, EMEA
Tripwire
www.tripwire.com
Posted by: Robert Kidd 28 Nov 2008