PCI DSS Assessment
Accuracy of Audit
Overview of Onsite Audit
Compliance Standards
PCI DSS Ver. 3.1
Target of Audit
The network components, servers, and application programs that connect all card members to their data environments.
Audit Cycle
Number of criteria: 12 categories/398 items
Appendix A: 1 requirement/9 items (additional requirement for shared hosting provider)
Method of Audit
Method of sampling
Compliance via Compensating Controls
If an original requirement cannot be met, the reasons and the alternative measures taken to comply with it (Compensating Controls) should be documented and submitted together with the Report on Compliance (RoC).
Proof of Audit
Issuing certificate of audit (ISMS’s certificate)
Right to use the certification mark (on name cards, brochures, and Websites)
- About the PCI DSS Member Certification Program: