The larger team I work in is about to release a new ecommerce website that allows the secure storage and usage of personal and corporate credit cards. As far as system components go, the payment card info is stored securely in Oracle, and the DB itself is in the private network behind a special PCI-related firewall. Still, this application comes under PCI compliance regulations. What is required as far as the timings on when the initial scan is required with this application - is it needed before go-live, or some time after, i.e. "90 days"? I don't think the team here is considering security testing in their final efforts.
Rich
Software/Hardware used: IBM Portal, IBM Commerce, Oracle Database, Sun hardware