Suggestions for PCI DSS assessments and endeavors – Tip 2

  • Team Omega
  • October 8, 2012

Here are some tips recommended to companies to stay compliant year after year. Compliance report from 2011 by Verizon has some new suggestions based on QSA findings from their assessments of different businesses. 

You will find one tip a week in our Omegasecure Blog site.  Please bookmark and visit this site every week for a new tip.

Tip 2
Use caution when self-validating

The more experienced Level 1 and 2 merchants have started validating themselves using an Internal Security Assessor (ISA).  It is necessary for an ISA to have gone through a complete training program to be sure that PCI DSS requirements are completely covered and understood by the company.  Since an ISA is appointed by the company, measures taken for data security may not be as stringent.  The only way to ensure this is to have a third party validate the findings.  So when an audit is done the loopholes are non-existent and they match up to all the stringent measures taken by a Qualified Security Assessor (QSA).