An assessor is unsure if log review and interview is sufficient testing for a requirement. Who can best answer this question?

An assessor is unsure if log review and interview is sufficient testing for a requirement. Who can best answer this question?
A . Payment brands
B . Issuing banks
C . Vendor
D . PCI SSC

View Answer

Answer: D

Explanation:

The PCI SSC (Payment Card Industry Security Standards Council) is the organization that develops and maintains the PCI Card Production Standards and related validation requirements, programs, and supporting documentation. The PCI SSC also provides training and qualification for CPSA Companies and CPSA Employees to perform PCI Card Production Assessments. The PCI SSC is the best source of guidance and clarification for any questions or issues related to the assessment process, testing methods, reporting requirements, and interpretation of the standards. The assessor can contact the PCI SSC by email, phone, or online form, as specified in the CPSA Program Guide1. The payment brands, issuing banks, and vendors are not responsible for defining or explaining the assessment requirements

or testing methods, and may not have the same level of expertise or authority as the PCI SSC.

References:

Card Production Security Assessor (CPSA) Program Guide, Section 2.1 and 5.1

Card Production Security Assessor (CPSA) Qualification Requirements, Section 1.1 and 2.1

Reference: [Reference: https://www.pcisecuritystandards.org/about_us/#:~:text=The%20PCI%20SSC%20mission%20is,and%20

effective%20implementation%20by%20stakeholders, ]