PCI Security Standards Council Unveils New Quality Assurance Program

PRESS RELEASE

WAKEFIELD, Mass, Nov. 17, 2008 — The PCI Security Standards Council (PCI SSC), a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS), announces that it has launched a quality assurance program for Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs). The new program was designed to provide QSAs and ASVs with a set of requirements that helps ensure they provide consistent, quality validation and assessment services to merchants and service providers.

The PCI SSC developed the quality assurance program as a direct result of feedback from the Council's participating organizations and assessment community and is intended to promote consistent interpretation of the PCI standards and ensure quality is maintained among all vendors. Participation in the program will be required for the Council's registered QSAs and ASVs, in order for them to retain the ability to conduct PCI assessments.

"Feedback from the Council's participating organizations and others made it clear that the assessment process for the PCI standards would benefit greatly from more rigorous guidelines," said Bob Russo, general manager, PCI Security Standards Council. "As a result, we created a clear-cut program that will help ensure all those involved in this process are consistent, credible, competent and ethical."

The new quality assurance program is based on eight guiding principles. Through the program, the Council and assessor community commit to: