IMGCAP(1)]
The Payment Card Industry Security Standards Council announced this week a quality-assurance plan for its Qualified Security Assessors and Approved Scanning Vendors. The plan is intended to improve the consistency of how QSAs and ASVs validate and assess merchants and service providers seeking PCI compliance. QSAs and ASVs under the plan submit their internal quality-assurance processes and customer reports to the PCI council. The quality-assurance initiative is a "natural evolution," says Bob Russo, general manager of the Wakefield, Mass.-based council. "We do all this testing, all this vetting" of QSAs and ASVs, Russo says. "Now comes the point where we need to look closer at these guys to make sure they are all doing things the same way." The council began requiring the groups to submit their internal quality-assurance processes on Oct. 1. They are required to submit internal reports beginning Jan. 1, says Russo, adding that the companies are allowed to redact client names from the reports. The council developed the quality-assurance plan as a response to what industry feedback suggested, says Russo.
