Then the following post on pcianswers.com seems to indicate that it's game over, insert coin for this organisation.
After nearly 4 years we have decided to end of life the PCIAnswers Blog and Forum. While there will be no further posts we will leave the existing posts available for people to access. Thanks for your support!
That’s a real shame. Comments are closed there so I can’t add words of support, but I guess the pressure of day jobs got too much for a bunch of great guys with good ideas.
In Europe (as some of you reading this will know), activity around PCI DSS is mounting and we are constantly getting questions from customers as to what they need to do to be compliant. My advice follows:
- Get a real QSA. There are lots of consultants offering services which are “almost as good” as the real thing. But if compliance is important to you (and if it's not, ask yourself why not) then you owe it to your career and your company to get real advice.
- Find one you can work with. Does your QSA just work on technical issues, or processes, or the mixture that your organisation needs to get compliant? Do they understand when to help you compromise? Do they help interface with your acquiring bank(s), service providers, developers and partners?
- Are they based on real experience? At a training session recently, a couple of my guys met someone who had a vocal opinion on everything – having it based on experience would help, or else you are in danger of waving. Ahem.
- Do they help you run a structured programme which ensures your company ends up in a position to manage its own compliance? A simple “Yes” here should suffice – anything else, no.