PCI Newsletter #49 - How long does an audit last, and how to get safely to the docking station

12/12/2016

How long should an audit last?

How long do I have to pass the audit? How many attempts do I have? How long should an audit last? How long should the QSA auditors be on-site? How quickly do they have to release the ROC and AOC? How much time am I granted to fix the findings?

These questions pop up every time an organisation enters the mouth of the PCI DSS harbour, where its QSA is waiting.


The answer is crystal clear: there is no mandate from the PCI SSC regarding assessment timelines.

Organisations are free to draw up their own schedule and milestones with the QSA and, where applicable, their acquirers. This is true for the initial audit as well as for the recurring ones. QSAs quote an average schedule of 8-12 weeks, depending on the complexity of the environment. Non-major remediations can usually be accommodated within that timeline; bigger items may require going back to square one.

The major risks of an extended assessment period are:
  • A change of scope: The assessment necessarily takes a point-in-time approach, but if that point in time differs materially from the reality when the AOC is issued, that is in nobody's interest.
  • The risk of falling out of compliance: Attestations of Compliance are issued for a period of one year. Therefore, not obtaining the new AOC before the current one expires leaves the organisation in a non-compliant status.

Getting a PCI DSS Pilot onboard

To minimise the risk of failure, organisations should earnestly consider hiring the services of a PCI DSS ship pilot who will lead them safely to the docking station.

PCI DSS Ship Pilots have extensive experience of PCI DSS waters and, more specifically, of on-site audits. They know how QSAs work and how to satisfy them.

Resources

  • EBook: PCI DSS 3.2 - That's the Way It Is.
  • PCI DSS V3.2 Compliance Dashboard
  • PCI Calendar App - Never miss a milestone again
  • Ready to use PCI Procedures & Templates
Didier Godart
https://be.linkedin.com/in/didiergodart
