PCI Compliance: Implementing Effective PCI Data Security Standards

Chapter 12: Planning to Fail Your First Audit

Introduction

Whether it's your first on-site audit or your first external vulnerability scan, it's pretty easy to fail your first audit. And while this may not be the case for you, you should have a plan in place to deal with this if it happens. This may happen because you understood a requirement differently than what the auditor required, or it may be that you simply missed something. It's important to be prepared for this. As in all walks of life, whenever anything goes wrong we want to pass the buck. In this case, many times it's easy to pass the blame to the auditor. Having the right attitude can make all the difference. Generally, auditors are not going to be easy on you, because if they are too easy and don't correctly require companies to meet compliance, they can lose their auditing license.

Remember, Auditors Are There to Help You

When dealing with on-site auditors or approved scanning vendors, most people fit into one of three groups. Some people are intimidated by auditors. They see them as someone with a lot of power, and they hope they will say and do the right things to get by. A second group seems to look at auditors as their enemy. They believe they must wrestle with the auditor and hopefully win in the end. The last set of people treat the auditor like a consultant they've brought in to help bring their company into compliance. They respect the auditor's opinions and...
