
QSA Remediation Statement

Download the remediation statement.

The PCI Security Standards Council maintains rigorous guidelines for its Quality Security Assessors (QSAs). To that end, it has created a clear-cut program to help all QSAs uphold a strong profile by following a process that ensures their consistency, credibility, competency and ethics. The quality assurance (QA) program is based on eight guiding principles that the assessor community must adhere to:

  1. Uphold the best interest of the assessor client;
  2. Adhere to validation requirements among the assessor company;
  3. Adhere to validation requirements among the assessor employee;
  4. Maintain consistent assessor procedures and reporting;
  5. Interpret the PCI standards appropriately as applicable to the client's systems & environment;
  6. Remain current with industry trends and PCI SSC updates in the assessor community;
  7. Report all opinions as factual, documented and defendable; and
  8. Maintain a positive relationship between the assessor and PCI SSC.

When a QSA enters remediation within the QA program, it indicates there is a need for the QSA to improve in one or more areas of their operations. These areas may include a lack of documentation in a series of reports, failure to meet business expectations with a fully operational internal QA program, or a failure to renew appropriate insurance coverage or other requirements addressed within the Validation Requirements for QSAs document.

The PCI Security Standards Council has full confidence in all QSAs posted on our Website. These organizations have successfully demonstrated years of security experience prior to qualifying and knowledge of the PCI DSS requirements, supplemented with annual training and testing.

In short, the fact that a QSA is in remediation does not nullify their knowledge of the PCI Data Security Standard subject matter. All QSAs currently in remediation status are working diligently with the Council to return to good standing.



The PCI Security Standards Council (the "Council") makes available various tools, questionnaires, instructions, Frequently Asked Questions (FAQs), training resources and other materials and information to assist organizations seeking to achieve compliance with its standards (the "Standards"). Third-party products and services are also available, but the Council does not endorse or recommend any such products or services, and advises all organizations seeking compliance to become familiar with the Standards and the related requirements before purchasing third-party products or services. Ultimately, achieving compliance requires meeting all applicable requirements, regardless of whether and which third-party products or services are used.