The most restrictive type of audit in terms of control choice is the Payment Card Industry Data Security Standard (PCI DSS). Under PCI DSS, you must implement all the controls as described. Skip a control or implement it inadequately and you do not meet the standard.

PCI DSS is far more restrictive because it is centered on payment cards and payment card processing, which have well-known risks and well-understood IT systems. Therefore, PCI DSS can skip over some of the risk analysis and scoping exercise needed for other types of audits, and focus on the controls that the PCI council believes work best to protect payment cards.
