PCI DSS Assessment

Acceracy of Audit

Overview of Onsite Audit

Compliance Standards

PCI DSS Ver3.1

Target of Audit

The network components, servers, and application programs that connect all card members to their data environments.

Audit Cycle

Number of criteria:12 categories/398 items
Appendix A: 1 requirement/9 items (additional requirement for shared hosting provider)

Method of Audit

Method of sampling

Compliance via Compensating Controls

If the original requirements cannot be met, reasons and alternative measures for compliance to the requirement (Compensating Controls) should be documented and submitted together with Report on Compliance (RoC).

Proof of Audit

Issuing certificate of audit (ISMS’s certificate）
Right to use the certification mark (on name cards, brochures, and Websites)
-About the PCIDSS Member Certification Program: