Ask the Expert

Rerunning background checks

My organization already does background checks as part of the hiring process. Will it be necessary to run them again as part of a PCI compliance process? If so, to what standard?

The PCI has published a document called the Qualified Data Security Company Requirements (QDSC). Section 4 of that document explains how policies and procedures related to background checks may be evaluated in terms of the QDSC requirements. From what I can see, this is evaluated on a case-by-case basis, and though there is reference to a set of "QDSC's personnel background check policies and procedures" on page 11, I can find no such documents anywhere on the Visa Web site.

The closest I could find was in a PCI Security Audit Procedures and Reporting document, where Section 12.7 covers screening potential employees to minimize the risk of attacks from internal sources, which states:

"Inquire of Human Resources Department Management and determine that there is a process in place to perform background checks on potential employees who will have access to systems, networks, or cardholder data. These background checks should include pre-employment, criminal, credit history, and reference checks."

My advice would be to contact Visa and to ask them if they can supply more detail, or if their qualification process as an approved vendor will jump this hurdle along with others along the way to such status.

This was first published in October 2006
