Tag: evaluation

What are the advantages and disadvantages of the periodic rotation of the QSA advisor or company?

In order to ensure optimal levels of quality in assessments of compliance with PCI SSC standards, it is highly recommended (and sometimes mandatory) to implement a periodic rotation of the advisor or QSA company. But which ones...

/ June 12, 2025

Artificial Intelligence (AI) in PCI assessments: A look at the new PCI SSC guide

In March 2025, the PCI SSC published a new guide that will completely change the process of evaluating controls of its standards, allowing the controlled use of Artificial Intelligence (AI) technologies to support QSA advisors: Payment...

/ March 18, 2025

Differences between a PCI SSC standard and a validation program

Compliance with the controls of the PCI SSC standards is governed by two elements that work together: the standard as such and its related validation program. Here we explain their differences. When an entity requires...

/ November 27, 2024

It is not said: "PCI DSS Audit". It should read: ‘PCI DSS Compliance Assessment’

It is very common to hear the terms "PCI DSS Audit" or "PCI DSS Auditor" within the jargon related to PCI DSS standard compliance. The use of this terminology is overcrowded even in Qualified Security Advisors...

/ October 22, 2024