The acronym ‘QSA’ and the term ‘audit’ evoke fear, anxiety, anger, confusion, expense, exhaustion, and the list goes on. How about ‘hacker’ and the term ‘breach’? Do they conjure up images of nightmare, exposure, penalty, loss, downfall…? Clearly, we all know who the enemy is, and the only thing retailers should truly panic about is the never-ending impact of a breach.
A QSA’s job and intentions are not to intimidate but to partner with the retailer by making sure that security is preserved in a business’s card data environment (CDE). With this premise, let’s begin an organized exercise.
What should the retailer expect before bringing in a QSA?
The retailer should expect requests for: