Title: PCI QSA and ASV
Post by: alucian on January 28, 2010, 08:11:46 PM
I am working in a security company that provides professional services in Quebec, Canada. Besides other services, we are doing penetration testing, and soon we will provide other services (as monitoring, vulnerability scanning & others).
My question is if you consider (given your personal experience or known from close contacts) that it is a good thing to became ASV (and if it is profitable, not a hole in the budget).
Also, I would like to convince my boss to became QSA (and I would like to be one of them). Do you have any idea if > 20.000$ / Yr invested in this is a gain or loss for a company.
I hope that you understand my dilemma and I am waiting for your answers.
Title: Re: PCI QSA and ASV
Post by: Ketchup on January 28, 2010, 09:06:27 PM
We have considered the same thing in my company several times over the last few years. So far, we can't justify the cost. We are a small company and that's a good chunk of change for us. Unless we have a couple of clients signed up for a PCI audit, I don't see us doing it at this stage. In other words, profitability would depend on your ability to market these services. Just because you are PCI ASV or QSA, I am not sure you would have clients knocking on your door.