The overall objective of auditing is to check, over a specified regular audit period (which should last no more than one year), that all aspects of the PCI compliance programme are functioning as intended and that the minimum requirements, as specified in PCI DSS, are being met.

Like many regulations, PCI can be intimidating because it is a broad-reaching set of requirements that potentially brings all of your information systems into scope. Unlike other regulations, PCI is highly prescriptive, and there is a huge amount of useful, free supporting material available to help you determine whether you need to comply, and therefore to help your entity prepare for your external audit by a Qualified Security Assessor (QSA), your external scan by an Approved Scanning Vendor (ASV) or your self-assessment. ...

Get PCI DSS: A Practical Guide to implementing and maintaining compliance, Third Edition now with O’Reilly online learning.