I.T. Security and Linux Administration

Aug 30 2013   3:03PM GMT

Compliance, What’s That?

Eric Hansen Eric Hansen Profile: Eric Hansen

“Being compliant” is a big buzz word as of late that really adds nothing to the company needing it.  Chances are people will be able to tell you how they can make you compliant, but not be able to tell you why you should be.  Granted, the flip side is that if you’re looking into compliance you should know why you want it done anyways, but still.

PCI and HIPAA compliance are probably some of the most common ones, both serving the purpose of credit card processing and medical records respectively.  The main case for these is that more and more people are using plastic instead of paper to pay for things, and if you’re doing business online its virtually a necessity somewhere down the line.  HIPAA, while part of me feels has seen its days as less and less people can afford to go to the doctors/medical professionals still holds a strong place in the government regulations (PCI isn’t governmental regulated).

I don’t know the fundamentals of HIPAA regulations (never really was concerned with it) but PCI is a tricky little fella.  It has 4 classes/levels: A, B, C, D, which range from strictest – laziest.  Most online merchants will fall between C & D and physical merchants will be A & B (simply due to the vast differences in how cards are handled).  D, which is common for stores that are on shared hosting plans and do not actually store CC information is also the most common.  A has the hardest checklist of items to pass, however.  It goes not only into virtual security but also to physical as well.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: