Tag Archive: PCI

How To Minimize The Scope of Your PCI DSS Audit


Compliance with the Payment Card Industry Data Security Standard (PCI DSS) and its 281 directives can be a time-consuming hassle. Fortunately, there are ways to minimize your PCI DSS scope, saving time and resources for your organization and auditor, and ratcheting down your stress levels. Larger organizations—those processing more than 1 million credit-card transactions annually—may need two years to reach initial PCI DSS compliance. Then, to stay compliant, they often must expend ample resources monitoring their systems and security and keeping it all up to date. For those who fail, the penalties can be crippling. Even smaller merchants and internet service providers (ISPs) may require a year’s work to reach PCI compliance. That’s because this data security framework, mandatory for…


ZenGRC v2.2 Release Features New System of Record Dashboard, Tree View Updates


In the latest ZenGRC product release we continue to add new and enhanced capabilities designed to make it easier and more efficient to manage your compliance program. Enhancements in v2.2 are now available and include: A New System of Record Dashboard: The System of Record Dashboard tracks your progress as you build out ZenGRC as your compliance system of record, and allows you to monitor the status of ongoing updates to the system as requirements and business needs change. It shows the status of three ZenGRC objects: controls, objectives, and programs. The dashboard displays the completion status of each of these objects as they move from draft to final, and helps you determine if controls are in scope. The System of…

The New PCI-DSS v3.2 and What It Means For You


The PCI Security Standards Council released an update to the PCI Data Security Standard (PCI-DSS) at the end of April. The current version of PCI-DSS is now v3.2. If your organization is required to be PCI compliant, here are some key things to know that will help in the transition to the updated version: 1. Sunrise Period: The new standard has a sunrise period of six months. This means if you have a PCI audit scheduled between now and October 31, 2016, you may choose to have the audit conducted against PCI-DSS v3.1 (old version) or v3.2 (current version). After October 31, you must use v3.2. 2. New Requirement Deadlines: A number of new requirements are considered best practices…


May News Round-Up: The Latest PCI Data Security Standard Update, and New Info on Data Breaches


The Latest PCI Data Security Standard Update: PCI compliance is important for all companies accepting or processing card payments. The PCI Security Standards Council introduced a new version of its data security standard, version 3.2, at the end of April. There is a phase-in (sunrise) period for use of the new version. Customers currently undergoing or scheduled to undergo a PCI audit can use the old 3.1 standard until October of 2016. Customers scheduling an audit after October will have to use the new 3.2 framework. The transition to the new framework can be made easier with a GRC tool to help you identify the changed requirements and map your existing security controls to meet the new objectives. You can…
