Dara Security

PCI Assessments During the Global Pandemic

May 08, 2020

As the global pandemic has restricted travel and eliminated group gatherings, the PCI Council has responded with guidelines that prioritize the health and safety of all personnel involved in an assessment while maintaining the integrity of the assessment itself. The guidelines address the use of remote testing where onsite testing is temporarily not possible.

In alignment with the PCI Council’s guidance, we have modified our PCI assessments to include remote testing with sufficient rigor to produce results equivalent to those of an onsite assessment. With your cooperation in using secure video conferencing and file-sharing methods, we are fully capable of remotely conducting the portions of the assessment that would have been done during an onsite visit, such as:

- Interviewing personnel and observing them perform a process or task
- Examining system components performing a function or responding to input
- Taking note of system configurations, environmental conditions, and physical controls
- Reviewing policies and procedure documents
- Reviewing generated evidence

We recognize that we are ultimately responsible for any validation we conduct remotely, and we are prepared to reasonably defend the integrity of the assessment through sufficient documentation. Within the applicable report, we will clearly document which requirements and testing procedures were conducted remotely and explain how the remote testing did not negatively impact the accuracy of the assessment as a whole. 

Rest assured that we are committed to providing you with the most accurate assessments. We consistently align our efforts with the PCI Council’s direction on onsite assessments as outlined in their Article 1455 and will continue to follow any guidance provided by PCI during these unprecedented circumstances.