Q

Rerunning background checks

My organization already does background checks as part of the hiring process. Will it be necessary to run them again as part of a PCI compliance process? If so, to what standard?

My organization already does background checks as part of the hiring process. Will it be necessary to run them again as part of a PCI compliance process? If so, to what standard?
The PCI has published a document called the Qualified Data Security Company Requirements (QDSC). Section 4 of that document explains how policies and procedures related to background checks may be evaluated in terms of the QDSC requirements. From what I can see, this is evaluated on a case-by-case basis, and though there is reference to a set of "QDSC's personnel background check policies and procedures" on page 11, I can find no such documents anywhere on the Visa Web site.

The closest I could find was in a PCI Security Audit Procedures and Reporting document, where Section 12.7 covers

screening potential employees to minimize the risk of attacks from internal sources, which states:

"Inquire of Human Resources Department Management and determine that there is a process in place to perform background checks on potential employees who will have access to systems, networks, or cardholder data. These background checks should include pre-employment, criminal, credit history, and reference checks."

My advice would be to contact Visa and to ask them if they can supply more detail, or if their qualification process as an approved vendor will jump this hurdle along with others along the way to such status.

This was first published in October 2006

Dig deeper on PCI DSS: Audits and requirements

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchSecurity

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

ComputerWeekly

Close