Security Centric joins PCI QSA program, but for different reasons

by Sash, on 14/05/2015 2:05:00 PM

QSA organisations and individual assessors usually complete the final phase of a PCI DSS compliance program – that is, the final audit. Whilst Security Centric is a QSA organisation, only a small proportion of its engagements are to perform the final compliance audit.

The real value of being a QSA organisation is Security Centric’s involvement in assisting organisations in becoming compliant whilst avoiding disruption to day-to-day operations and minimising the cost of compliance. By becoming part of the QSA program, Security Centric is able to assist organisations that are going through the compliance process by providing guidance for a remediation approach that is certain to pass QSA audit.

The QSA audit is often an all care, no responsibility approach. It is easy to specify what needs to be done to be compliant, but the real pain is felt by the organisation – through reduced business efficiency and/or cost of remediation and compliance programs.

In 2014, Security Centric joined the QSA program in order to provide decisive guidance and options that satisfy compliance requirements without having to significantly reengineer infrastructure or compromise business workflows. PCI DSS may be a compliance responsibility, but the organisation still needs to be able to function in a manner that is commercially viable.


The Payment Card Industry Data Security Standard (PCI DSS) is used, and often mandated, by the major credit card brands to protect credit card details stored by merchants and similar organisations. The Payment Card Industry runs a program where organisations and appropriately trained staff are certified as Qualified Security Assessors (QSAs).

There are currently 21 Australian QSA organisations.
