Chapter 13
Don’t Fear the Assessor
Information in this chapter:
• Remember, Assessors Are There to Help
• Dealing With Assessors’ Mistakes
• Planning for Remediation
• Planning for Reassessing
The title of this chapter might shock you a little bit. Why? Have you noticed that the words “audit” and “auditor” in reference to PCI DSS are copiously missing from this book? That’s because the correct terms are “assessment” and “assessor” when referring to PCI DSS. While your QSA may be a CPA, it is not a requirement, and most QSAs are not; instead more come from IT domain. The procedures an assessor uses to validate your compliance with PCI DSS are called the Security Assessment Procedures (not the Auditing Procedures). It’s amazing what the change ...
Get PCI Compliance, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.