PCI: What Are The Benefits of a PCI Assessment?

April 21, 2014 Eric Sampson

What Are The Benefits of a PCI Assessment?

Perhaps the obvious answer is confidence and assurance that the cardholder data environment (CDE) is securely controlled. But there are many "spillover" benefits that organizations see by performing PCI assessments through a Qualified Security Assessor (QSA). Organizations, and in particular their security, compliance, and risk management departments, have the opportunity to take the information security practices learned and adopted for the CDE and apply them throughout the rest of the organization.

Here are some common areas, to name a few:

  • Information security policies and procedures
  • Risk assessments
  • Intrusion detection
  • Vulnerability scanning
  • Penetration testing
  • Secure application development
  • Patching and vulnerability management
  • System hardening procedures
  • Cryptographic key management practices
  • Daily operational security procedures
  • Incident response

About the Author

Eric Sampson

Eric Sampson is a Manager at Schellman. Eric began his professional career in 2005 while working as an IT auditor in Philadelphia. Eric executed several critical projects for clients in the areas of information security and Service Organization Controls (SOC) reporting projects. To date, Eric has provided services to clients in the healthcare, information technology, and financial services industries, among others.
