Chapter 13

Don’t Fear the Assessor

Information in this chapter:

• Remember, Assessors Are There to Help

• Dealing With Assessors’ Mistakes

• Planning for Remediation

• Planning for Reassessing

The title of this chapter might shock you a little bit. Why? Have you noticed that the words “audit” and “auditor” in reference to PCI DSS are copiously missing from this book? That’s because the correct terms are “assessment” and “assessor” when referring to PCI DSS. While your QSA may be a CPA, it is not a requirement, and most QSAs are not; instead, most come from the IT domain. The procedures an assessor uses to validate your compliance with PCI DSS are called the Security Assessment Procedures (not the Auditing Procedures). It’s amazing what the change ...
