Reference Content: This is a copy of content from the PCI Security Standards Council FAQ database, preserved for tracking changes over time.
FAQ #1306 Published

Are PCI Forensic Investigators (PFIs) permitted to enter into retainer-type agreements with merchants and service providers?

PCI Forensic Investigators (PFIs) are required to use independent judgment in performing PFI investigations for entities which have been subject to compromise or where a compromise is suspected. It is of paramount importance that PFIs are not subject to any influences that may affect their independent judgment.

It is permissible for an entity to have a PFI on a retainer-type contract, in readiness to provide a rapid incident response, providing that all of the PFI Program independence requirements continue to be met.

PFIs must adhere to the independence requirements documented in Section 2.3 of the PFI Qualification Requirements.

Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.