Nearly all schools validate their PCI compliance using a Self-Assessment Questionnaire (SAQ). Nevertheless, many schools also hire a QSA to help them in the process, either with training, conducting a PCI gap analysis, designing a compensating control, or just helping the internal team through the process. All of which raises the question: how do you select a QSA?
Do you pick the biggest, the cheapest, the easiest grader, the one who worked with another school you know? For an interesting insight, take a look at good friend Dave Taylor's post at StorefrontBacktalk. Dave takes you through the ups and downs all in a couple of pages.
Full disclosure: I work for a QSA firm. But what I would like to hear is how did YOU chose your QSA? What factors did you consider? What was important to you and your institution? Leave a comment. It won't take long, and we all might benefit from sharing the information.
Wednesday, August 26, 2009
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment