All Qualified Security Assessors Are Not Created Equal
The Payment Card Industry Data Security Standard (PCI DSS) requires Level 1 merchants and service providers to undergo an onsite assessment of their security systems and procedures annually. This assessment is typically performed by a Qualified Security Assessor (QSA). Many companies assume that PCI compliance is synonymous with having a strong security posture, but recent security breaches highlight the danger of this assumption. Holistic, sound security practices, coupled with the astute use of the services of QSAs and security professionals who have expertise in network and data security, are the building blocks for achieving PCI compliance.
This white paper provides some criteria to consider in choosing an appropriate QSA for your annual assessment by highlighting key differentiators among QSAs.