PCI DSS Compliance – setting the scope and getting your policies right is essential

ELY, UK, June 20, 2013 /EINPresswire.com/ -- Complying with the Payment Card Industry Data Security Standard (PCI DSS) can be complicated, not least due to the self-assessment process the majority of merchants have to go through. One of the challenges PCI DSS implementers face at the very beginning of the project is scoping their organisation’s payment card environment.

In a recent blog post, PCI Qualified Security Assessor, and a Senior Consultant at IT Governance, Geraint Williams, said, “Accurately mapping the flow of card data through your organisation is the key to getting your scope right. You need to consider all the different areas within your organisation, plus all instances where data is sent out to external service providers too. Once you have an accurate scope, putting appropriate procedures and processes in place to ensure compliance is relatively easy.”

Reviewing existing policies, procedures, network architecture, software and protective measures is also an essential part of compliance, according to Geraint Williams.

Whilst the PCI Security Standards Council has provided guidance on the things organisations need to do in order to achieve and maintain compliance, implementers still need to understand how to implement these recommendations.

In many cases, organisations have difficulties getting their policies and procedures right, which may then lead to non-compliance. The PCI DSS Documentation Compliance Toolkit, for example, provides documentation templates for all the mandatory PCI DSS policies. It is particularly useful for level 2, 3 and 4 merchants and can easily be integrated with ISO 27001.

The toolkit is available to download for just £249.95 (less than a one-day consultancy fee) from www.itgovernance.co.uk/shop/p-1011.aspx.

- Ends -


NOTES TO EDITORS

IT Governance Ltd is the single-source provider of books, tools, training and consultancy for IT governance, risk management and compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is ‘non-geek’, approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at www.itgovernance.co.uk.

Desi Aleksandrova
IT Governance
+44 (0) 845 070 1750