I have undertaken our own PCI Foundation course (http://www.itgovernance.co.uk/products/1858) and am now working my way through "PCI DSS: A Practical Guide to Implementing and Maintaining Compliance" by Steve Wright (http://www.itgovernance.co.uk/products/1670).
I have also been reviewing the material from American Express, Visa & Mastercard about their compliance programmes.
The PCI Validation Requirements For Qualified Security Assessors (QSA) recommends the following documents:
- Payment Card Industry (PCI) Data Security Standard Security Audit Procedures (“PCI DSS Security Audit Procedures”)
- PA-DSS Security Audit Procedures
However, I am having problems finding the PCI DSS Security Audit Procedures on the PCI Security Standards website, a document that is referred to by a number of others on the site. A very early version of the PCI DSS Audit document seems to indicate it has now been incorporated into the main documentation. It is a shame that the audit procedures are not a clearly defined document, as the PCI SSC website has a lot of useful documentation for the standard, as do the main card issuers' sites. Having worked with many standards from a range of industries, I have often found there is a lack of freely available documentation about them, which does not seem to be the case with the PCI DSS.