AT&T White Paper Sample
Today’s PCI DSS is one of the most prescriptive models for strengthening security through compliance. The PCI standard and its associated testing procedures are rigorous: they help unearth common weaknesses in information security practices and define a minimum level of security for protecting cardholder data. Companies invest substantial time and effort in achieving and validating compliance with the PCI standard. However, PCI compliance does not necessarily guarantee the security of cardholder data.
As news headlines increasingly report security breaches and other events that suggest companies may be operating under misconceptions about compliance, prudent companies are choosing their QSA with more in mind than cost or passing a single assessment. Although all QSAs must meet the same set of requirements in order to become certified by the PCI SSC, QSAs vary not only in experience, aptitude, and thoroughness, but also in how they interpret requirements and how they evaluate the appropriateness of security measures and controls. In selecting a QSA, a company should research potential vendors to ensure the QSA can meet the company’s particular needs and requirements.