I previously referenced an article on how to select a QSA. Now there is another article (4 Ways to Get the Most From your PCI QSAs) at Computerworld with similarly good advice.
It all boils down to your taking some time, checking out the actual people who will be doing the work, and cooperating. I'm amazed, surprised, and a little disappointed to hear of a school that views their QSA as an enemy or as somebody with a raging case of the swine flu to be avoided at all costs.
Anyway, remember you are paying, so to get the most for your money pick a QSA carefully and work with them to get the greatest value for your institution.
Update: In an article in Digital Transactions, the CEO of Heartland makes the case for choosing a QSA carefully perhaps better than either of the references above. His point about a low bidders is valid not just for QSAs but for just about any situation. Read it and see if there is a lesson for you in there.
How to Lose a Fortune with Just One Bad Click
57 minutes ago
Great Tips!!
ReplyDeleteHere is another tip. Ask to meet the QSA(s)in advance so that you can interview the actual person(s) responsible for performing the assessment.