Learning from the best: PCI Qualified Security Assessor guidance

IT Governance’s QSA, Geraint Williams

In our experience, many merchants that need to comply with the Payment Card Industry Data Security Standard (PCI DSS) fail because of four common issues:

  1. Lack of knowledge and skills
  2. Budgetary restrictions, coupled with the need to complete the compliance project in-house
  3. Documentation errors, such as not keeping documentation up to date
  4. Failure to implement requirements as business-as-usual procedures

Achieving and maintaining compliance with the PCI DSS is by no means an easy matter, especially for complex organisations that lack appropriate internal skills and expertise. Many small and medium-sized merchants would benefit from the help of consultants or PCI experts such as QSAs (Qualified Security Assessors), but are hindered by constricted budgets.

Expert PCI help

The process of becoming a PCI QSA is tough: applicants must first apply through their company (submitting certifications, business licence, insurance certifications and registration fees), and then must undergo and pass the PCI Security Standards Council’s QSA training course in order to receive their official certification. They must then be recertified each year to ensure they continue to provide a suitable service. Make no mistake: the PCI QSA qualification is hard-won, and the cost of engaging a QSA as a consultant reflects this.

Benefiting from the expertise of a QSA needn’t involve engaging one as a consultant, though. If you are a small to medium-sized merchant looking for PCI compliance, then our PCI DSS Documentation Toolkit could well be the solution you’ve been looking for.

Designed by QSA Geraint Williams, this toolkit contains expert guidance and advice, and fully customisable documentation templates to support your project by ensuring that your documentation is compliant with PCI DSS v3.1.

Not only will you receive expert PCI guidance from the best, you’ll have it at a fraction of the cost of a day’s QSA consultancy fees. The documentation you create will be up to date with PCI DSS v3.1 and reduce errors, and you and your team will become PCI experts with these simple, fully customisable, pre-written documentation templates.

Benefit from expert PCI QSA guidance; find out more about the PCI DSS Documentation Toolkit now.