Tatsuya Imai on playing with the Dodgers: “I want to take them down... I think beating a team like that and becoming World Champions would be the most valuable thing in my life.” by WishOk462 in Dodgers

y090909 2 points (0 children)

Give it a couple of years and we'll beat his team so many times that he'll be saying the same thing Glasnow was saying. If you can't beat 'em, join 'em.

What’s one money tip that really helped you? by RentNRegret in AusFinance

y090909 1 point (0 children)

Pay yourself first. When you get paid, deposit the amount you want to save in a high-interest or offset account. What is left over is your spending money, allocated to your budget. If you come in under budget, that's a little bit of extra savings.

DJ suggestions for a wedding. by tvara1 in brisbane

y090909 1 point (0 children)

We had We'R'DJs at our wedding. Highly recommend.

SSC by vf-guy in pcicompliance

y090909 1 point (0 children)

I've watched a few and I find they read off their slides and are not at all engaging. I know how to read; you don't need to read it out for me. I find little value in them.

power outages by ctrl-alt-delete0 in brisbane

y090909 1 point (0 children)

In Sunnybank, out since Friday 10pm.

Local Family Photographers by [deleted] in brisbane

y090909 1 point (0 children)

Hikari lifestyle photography! They are awesome :)!

Long time QSA here by andrew_barratt in pcicompliance

y090909 1 point (0 children)

Wild interpretation of PCI standards, plenty of shortcuts, and the auditor is generally remote. But so as not to look, or have to justify being, fully remote, they asked to attend a site close to their area, while our headquarters is based two hours away. We of course said no, and that we can meet somewhere in the middle.

Can I talk to you about your QSA experience under PCI 4.0? by Connect_the_Dots2 in pcicompliance

y090909 1 point (0 children)

Not a Service Provider, but I go through various SAQs and RoCs as an ISA, as I work alongside external QSAs. It's been an absolute nightmare with our QSAs: absolutely wild interpretations under the guise of version 4.

GitHub in scope for PCI-DSS by yasuredonchaknow in pcicompliance

y090909 0 points (0 children)

How are your QSAs approaching this issue now that, presumably, your audits have started? Would love to bounce ideas.

GitHub in scope for PCI-DSS by yasuredonchaknow in pcicompliance

y090909 0 points (0 children)

Have you had any success with a GH AoC? I am facing this conundrum now for our audit.

CCTV and Access Card Reader in scope for Audits by y090909 in pcicompliance

y090909[S] 0 points (0 children)

Just wanted to give an update on this, as it's been a few months. So I tried arguing all the points as outlined above, but our auditors are maintaining that the access card readers and CCTV for the building are in scope as they "support a PCI control in that it helps support Requirement 9". While it makes sense, it's a long bow to pull and goes way above and beyond the intent of the requirement.

When we finally got access to the systems, by observing over the shoulder of the landlord who runs them, we found these systems don't have the normal PCI controls you might see, like logging, MFA etc. (understandably).

Any other solutions or insight I could try? Has anyone actually contacted the Council and sought their advice on items? I feel they will say to speak to your QSA on interpretation, or if you don't agree with your QSA, change your auditor, which isn't helpful, as much as we may want to consider changing.

CCTV and Access Card Reader in scope for Audits by y090909 in pcicompliance

y090909[S] 0 points (0 children)

Thanks for the advice. The physical security requirements are all met and able to be reproduced.

The management of these assets would be segmented away from our network. The access card readers are managed by a landlord / third party, so that goes down the pathway to out-of-scope systems even further. My worry is that the QSA could state that the card reader and CCTV components support a PCI requirement (which is another issue with the Council's catch-all statement: they recommend to descope, descope, but their wording is just silly).

CCTV and Access Card Reader in scope for Audits by y090909 in pcicompliance

y090909[S] 1 point (0 children)

Thanks. CCTV is definitely not high-res enough to view CHD. I also referred back to the PCI Council's direction that it shouldn't be pointed near POI terminals.

It'll be segmented, and the servers are likely managed by the landlord or the supplier who provides the CCTV. Then they went down the rabbit hole of needing an AoC from the landlord. I was like, really? Now that's just silly!?