1

Corporate setups are often complex with data centers in multiple locations, complex ACL's and networks setup between them.

  1. How does a PCI auditor actually audit the systems ?
  2. How does he get to know about the insides of the network in that corporation ?
  3. Is there any policy by which the company has to disclose facts to the auditor for his work?
Improve this question

1 Answer 1

Reset to default
4

If a company wants to store, transmit or process credit card payments they must provide the information the QSA requests. If they deny access to this information, they can be denied the use of VISA and Mastercard payments - which can put a company out of business very quickly!

When I have run pre-PCI audit readiness engagements, I will want full information about every part of the payment data pathway, including physical controls, network infrastructure, team access, authentication, encryption, storage, 3rd parties etc.

Improve this answer
0

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.