Thursday, 22 April 2021

What Are The Requirements For PA DSS Certification?

 


The Payment Application (PA) Data Security Standard (DSS) is the global security standard created by the Payment Card Industry Security Standards Council (PCI SSC). Any developer building an application that offers a payment option on a website needs to follow these standards.
 
Need for having valid PA DSS certification:

The software vendor must apply for PA DSS certification, which means that the software product they have developed is compliant with the standards set by the PCI SSC. This certification ensures that cardholder data is safe and that there will be no or fewer cases of fraud or breach.
 
Different steps involved in PA DSS certification:

Understanding gaps: The software vendor needs to complete the questionnaire, which will help them understand the weak areas they need to address. These gaps will also help them identify the missing points that are mandatory according to the PCI standards.

Lab setup step: The software vendor needs to set up a PA DSS compliant lab environment where the product installation takes place. This lab setup is checked during the audit.

Document analysis step: All the documents required for installation are properly analyzed in this step.

Product testing step: The product is tested on the different operating systems used by customers at client sites.

Remediation step: In this step, the issues that have the potential to violate compliance are identified and then addressed.

Final certification step: Once all the previous steps are in place and the product is working properly with all the gaps eliminated, the product gets the final certification.

Documents required for the PA DSS certification:

There are several documents that the software vendor needs to submit before receiving the final certification for the product. The documents required for PA DSS certification include:

Implementation guide: This guide gives the details indicating that the application product complies with the PA DSS. It also includes the product installation guide, which sets out the steps required for proper installation and maintenance of the product.

Description of the software development life cycle (SDLC) and requirement list: This includes all the documents related to process development, environment development and specific application development. It includes the framework of information which is an important requirement of PA DSS. Special attention is given to the software code review procedures.

Troubleshooting and support policies: This document includes all the detailed procedures needed to support and maintain the product. These documents help to assure cardholders that their data will not be compromised during product maintenance.

Installation guide: If a third-party reseller has to install the product, a proper installation guide is provided. This gives the reseller proper instructions for installing the product.
 
The software vendor should make sure that all the above-mentioned documents are in place, which will help them in the process of PA DSS certification for their product.
