• Remember, Assessors Are There to Help
• Dealing With Assessors’ Mistakes
• Planning for Remediation
• Planning for Reassessing
The title of this chapter might shock you a little bit. Why? Have you noticed that the words “audit” and “auditor” in reference to PCI DSS are conspicuously missing from this book? That’s because the correct terms are “assessment” and “assessor” when referring to PCI DSS. While your QSA may be a CPA, it is not a requirement, and most QSAs are not; instead, most come from an IT background. The procedures an assessor uses to validate your compliance with PCI DSS are called the Security Assessment Procedures (not the Auditing Procedures). It’s amazing what the change ...