Tag Archive: PCI compliance

How to Become PCI DSS Certified

How to Become PCI DSS Certified The short answer to the question of achieving PCI DSS certification is: you can’t. There is no certificate attesting to Payment Card Industry Data Security Standard (PCI DSS) compliance. There is, however, a way your organization can stand apart as being especially committed to credit card security. Instead of submitting the self-assessment questionnaire (SAQ) and Attestation of Compliance to your acquiring bank, you may choose to pass an on-site audit by a PCI Security Standards Council-certified Qualified Security Assessor (QSA) or your own Internal Security Assessor, and have them file a Report on Compliance (ROC). The difference between these two alternatives is vast. With an SAQ and AOC, your enterprise is assessing itself. An…

PCI DSS: Testing Controls and Gathering Evidence

PCI DSS: Testing Controls and Gathering Evidence Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is not easy to achieve. Quite the opposite, in fact: A 2017 Verizon report stated that 80 percent of companies fail their PCI DSS assessments, and only 29 percent of those that pass are still compliant after one year. PCI DSS compliance, like information security as a whole, is not a one-and-done process but ongoing. To succeed, your enterprise must be vigilant. And comply you must, if your organization wants to do business. Penalties for non-compliance can be high—even crippling—but never fear. With planning and preparation, you can obtain that coveted Report on Compliance (ROC) or Attestation of Compliance (AOC) with relative…

Compliance Project Management Best Practices

Compliance Project Management Best Practices “You can get a great deal done from almost any position in an organization if you focus on small wins and you don’t mind others getting the credit.” – Roger Saillant How do you eat an elephant? One bite at a time. We’ve all heard the project management advice to eat an elephant one bite at a time. People react in a number of ways when they first receive the news that they’ve landed a big, high-profile compliance project. First, you have the project manager who revels in the accolades they’re sure to receive upon its successful completion. Others fret about the number of ways the project could go awry, spelling sure…