Regulatory Compliance, Governance and Security

Jan 17 2009   8:00PM GMT

Payment Card Compliance | PCI DSS | Tips on Passing your PCI DSS Assessment



Regarding PCI DSS, as a PCI QSA i’m often asked what’s the most difficult hurdle that organizations need to overcome for ensuring PCI DSS compliance. Well, we could talk at length about some of the technical, I.T. challenges, such as two-factor authentication, encryption (though not!). But in all seriousness, organizations are very deficient on having documented policies and procedures in place for their critical infrastructure. From change management to tape/media backup and recovery procedures, many organizations fail to have these very policies and procedures documented in an organizational wide corporate security document, or something of a similar nature, such as online WIKI.

So, why is this such a repetitive and persistent problem for companies? For the most part, it has to do with the lack of expertise in writing these documented policies and procedures along with finding the time to do them. They can be painstakingly slow and arduous to complete. The solution; hire a firm that have experience and expertise in developing and writing policies and procedures for PCI DSS and for any other regulatory compliance mandate your company may encounter, such as SAS 70 audits.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: