Tag Archive for: pci ssc

SRC goes GEAR (Global Executive Assessor Roundtable)!

PCI SSC and SRC

The Payment Card Industry Security Standards Council (PCI SSC) is a global forum that develops and promotes the use of information security standards for secure payments. It is responsible for 15 globally recognized and widely used standards for securing electronic payment processes — from payment card production and issuance to payment at the point of interest or in web & app, to the processing of payments in the background.

SRC has been assessing the use of those information security standards since the PCI SSC was founded, by means of corresponding assessments and product evaluations. The PCI SSC attaches great importance to the exchange between different stakeholders and uses various committees and activities for this purpose. SRC has so far participated in Special Interest Groups and Task Forces as well as in Community Meetings and Request for Comment phases.

Global Executive Assessor Roundtable

The PCI SSC has been giving experienced assessor companies the opportunity to advise its senior management since 2018 through the Global Executive Assessor Roundtable (GEAR). We are excited that our company has been selected this year for this responsible membership, to be part of the interface between the leadership of the PCI SSC itself and the leadership of the assessment companies. This will enable us to contribute our years of experience in a direct way. The nomination is valid for the next two years and gives us the opportunity to play an influential role in the further development of specifications for assessment procedures, new training programs and qualification requirements for future assessors. Other GEAR responsibilities include finding ways to promote assessors’ engagement in emerging and new markets, and optimizing assessors’ skills to add value for payments companies.

We are proud to be included in this circle and see it as a recognition of our past performance and relevance in the payments security market. At the same time, we are aware of our responsibility to act as a representative for a large community of assessment companies and take this as an additional incentive for the future.

Link to GEAR: https://www.pcisecuritystandards.org/about_us/global_executive_assessor_roundtable/

Associate QSA

Associate QSA — qualifying as a QSA

SRC offers a mentoring programme for future Security Evaluators

The QSA accreditation — the previous, unstructured path to becoming a highly qualified Security Evaluator

Extensive experience is required to audit environments in which payment card data is accepted and/or processed for compliance with the PCI DSS security standard. To date, there has been no standardised way of fulfilling the relevant prerequisites for admission as a PCI DSS assessor (Qualified Security Assessor, QSA), which are comprehensive professional experience, PCI DSS-specific training and testing, as well as at least two other accreditations in the field of information security and IT auditing.

Associate QSA — the accompanied path to QSA

With the new Associate QSA programme of the Payment Card Industry Security Standards Council (PCI SSC), an opportunity has now been defined through which new talent with a basic level of professional experience can advance towards QSA approval.

The Associate QSA will be accompanied by an experienced QSA mentor. The development and increasing audit experience of the Associate QSA are regularly reflected on and documented. In this way, it is monitored and ensured that the employee has comprehensive experience in all relevant areas by the time he or she obtains QSA accreditation.

SRC provides training

The SRC team is known for not treating test standards as checklists to be worked through, but for deriving their application from complex environments and for supporting the customer in implementation and interpretation as practically as possible. This requires comprehensive expertise and experience in combination with a constant exchange with other experts.

SRC therefore welcomes the definition of a step-by-step procedure for the training and support of Associate QSAs, which contributes to the development of an appropriate qualification. SRC has thus registered as an Associate QSA company and has already approved the first employee as an Associate QSA. In this way, the quality of audits in constantly changing payment transaction environments is to be guaranteed in the future as well.
