To this day, there is no real productivity tool for a QSA to cover all areas of workflow for a PCI DSS Assessment. Or maybe there is one? Let's find out.
There isn’t much specialized software for Qualified Security Assessors (QSAs). The PCI Council provides professionals with a Word document template and that’s it. Microsoft Word is your tool; it is your software. Some QSA companies use business automation software suite solutions to make document / evidence sharing and tracking somewhat easier which enables client employees to participate in the process somewhat. These are good for their purpose, but they still leave a lot in terms of unnecessary complexity and cumbersome paperwork to be handled by the QSA. Other QSA companies have created specialized Excel templates that replicate sections of the ROC template. The benefit of using these is a more structured, tabular form of data and depending on a particular solution, the ability to export a Word document artifact that would be very close to the PCI ROC standard. These solutions are still lacking in terms of collaboration, evidence tracking and control or data input correctness. To this day, there is no real productivity tool for a QSA, no software that can cover all areas of information and workflow around a PCI DSS Assessment.
So, what would be the requirements for such a tool? Feature-wise, the following would be mandatory:
1. Interface for data collection.
2. Interface and means for evidence collection:
3. Evidence tracking: every document uploaded or provided must be reflected in their respective control and under section 4.9 of the ROC.
4. Interviews and Interviewees tracking and management:
5. Payment Channels management:
6. Collaboration features:
7. Reporting features:
8. Knowledge retention features:
9. Word document export: the tool must produce a valid ROC for the current version of PCI DSS standard.
We are proud to say that the TurboQSA solution satisfies all these requirements and does much more than the bare minimum, aiming to cut down time spent by QSAs and all the people involved in the assessment project while significantly increasing quality of the report produced. TurboQSA is the first and the only purpose-built tool for QSA PCI ROC management.
To find out more, send an email to firstname.lastname@example.org. We’ll be happy to schedule a demo for you.