PCI Group Publishes Self-Assessment Tests

Leffall Jabulani | March 4, 2008

Any retailers still unsure whether their data security standards can pass muster now have a new way to see how safe (or not) customer data really is.

The Payment Card Industry Council has published a detailed set of “self-assessment questionnaires” for small and medium-sized retailers, who typically aren’t required to have their data security reviewed by outside auditors. The guidance addresses hundreds of scenarios; according to the PCI Council, it will go a long way to simplifying the self-assessment process for merchants and security consultants worried about PCI compliance.

The self-assessment questionnaires (known as SAQs) first divide merchants into broad categories. SAQ A, for example, is for retailers that keep payment data off-site; SAQ B is for those that use dial-up terminals to a computer network, and SAQ C applies to those who operate Web-based sales systems. As a merchant selects his or her answers, new...