Every organisation aiming to achieve PCI DSS compliance has an area of common concern;...
A Payment Card Industry Qualified Security Assessor or PCI QSA is a professional who provides both PCI assessments and consulting services pertaining to PCI compliance. If you are considering hiring a professional to help you with your business, here are a few helpful guidelines.
You Get What You Pay For
While it may be tempting to opt for the services of an assessor who asks for the lowest professional fee, remember that you almost always get what you pay for. PCI Compliance is not just another item to tick off your to-do list; failure to obtain it can lead to serious consequences. Although there are some assessors who do ask for low professional fees, they are the exception rather than the rule.
The Value of PCI QSA Certification
Certification alone does not mean that an assessor can offer the best advice. Professionals vary in their ability and proficiency. The best are almost always employed by companies which specialise in QSA work and do not simply provide it as one service amongst a range of others.
The Assessor’s Role
Your QSA should perform two important roles in order to help your business. As an auditor, he will thoroughly assess the structures you have put into place. Before and after the audit, he should act as a business partner who can readily provide you with invaluable advice.
How to Choose A Professional
Before hiring a QSA, it is worthwhile to invest ample time into assessing his knowledge, skill and experience. Here are areas worth delving into.
Often, the best professionals have several years of experience and have worked with organisations of varying sizes. If you ask them for references, they will readily give you a list of their past clients.
Your QSA should readily answer your queries and explain complicated issues in a clear and simple manner. Prior to hiring a QSA, it is worthwhile to do some research and then ask him about contentious issues in his field. What you want are answers that are fairly consistent. Why? Consistent answers mean that the QSA knows what he is talking about. In turn, should he recommend measures to be implemented, you will know that your investment in them is well worth the money.
A true professional knows that his role extends beyond auditing. Rather than simply giving advice to clients, he offers solutions and explains the merits of each. The best auditors also subscribe to the ideal of transparency: if your organisation has shortcomings, he will readily explain why they arose and what options are available to you in order to rectify them. Finally, quality professionals adhere to a strict code of ethics. Rarely will you hear the best professionals name past clients and the issues they have encountered.