.

PCI QSA and ASV

<<

alucian

User avatar

Full Member
Full Member

Posts: 228

Joined: Mon Dec 29, 2008 2:01 pm

Location: Montreal, Canada

Post Thu Jan 28, 2010 9:11 pm

PCI QSA and ASV

Hello guys,

I am working in a security company that provides professional services in Quebec, Canada. Besides other services, we are doing penetration testing, and soon we will provide other services (as monitoring, vulnerability scanning & others).

My question is if you consider (given your personal experience or known from close contacts) that it is a good thing to became ASV (and if it is profitable, not a hole in the budget).

Also, I would like to convince my boss to became QSA (and I would like to be one of them). Do you have any idea if > 20.000$ / Yr invested in this is a gain or loss for a company.

I hope that you understand my dilemma and I am waiting for your answers.

Thank you!
CISSP ISSAP, CISM/A, GWAPT, GCIH, GREM, GMOB, OSWP
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Thu Jan 28, 2010 10:06 pm

Re: PCI QSA and ASV

We have considered the same thing in my company several times over the last few years.  So far, we can't justify the cost.  We are a small company and that's a good chunk of change for us.  Unless we have a couple of clients signed up for a PCI audit, I don't see us doing it at this stage.  In other words, profitability would depend on your ability to market these services.  Just because you are PCI ASV or QSA, I am not sure you would have clients knocking on your door.
~~~~~~~~~~~~~~
Ketchup

Return to Compliance, Regulations &amp; Standards

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software