Chapter 11. Don't Fear the Assessor
The title of this chapter might shock you a little bit. Why? Have you noticed that the words “audit” and “auditor” in reference to Payment Card Industry Data Security Standards (PCI DSS) are copiously missing from this book? That's because the correct terms are “assessment” and “assessor” when referring to PCI DSS. While your Qualified Security Assessor (QSA) may be a CPA, it is not a requirement, and most QSAs are not. The procedures an assessor uses to validate your compliance with PCI DSS are called the Security Assessment Procedures (not the Auditing Procedures). It's amazing what the change of a word will do to get you a more complete assessment. Imagine if your Internal Audit Group changed their name to ...
Get PCI Compliance, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.