PCI DSS Scoping – Create new LLC

5 pts.
Tags:
Compliance
PCI DSS
I had a customer ask me if they can setup an LLC to reduce PCI scope for a specific product. I told them that the issue is shared resources (people, processes, and technology) and that the work to setup and isolate network, people roles, process for this would be significant. My answer is really make all PCI DSS scoped product environments compliant. Can someone provide some thoughts on my approach?

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Kevin Beaver
    This is a legal question that a lawyer needs to chime in on. I could certainly see this being used as a strategy to minimize scope or, at least, risk. There are so many complexities and moving parts that it sounds like you may need to engage with an information security consultant, attorney, or both.
    24,210 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.

Following

Share this item with your network: