Automation to implement PCI DSS Obligations
Public awareness of fraud and information security threats grow stronger with every data breach and identity theft case reported. Not surprisingly, there is significant latent political will to produce legislation in absence of industry action. It is against this backdrop that PCI DSS (Payment Card Industry Data Security Standard) has been created. As the name suggests, the two key dimensions to PCI DSS are (a) it is a private initiative set forth by the payment card industry and (b) it is a set of standards outlining how sensitive data is handled both operationally and technically.
The consequences of non-compliance are serious and will be levied quickly and effectively. The reason for this is simple. The payment card industry, in the form of Amex, MasterCard and Visa, cannot afford for consumer confidence in online transactions to be eroded, and they certainly cannot contemplate additional government legislation in this area.
PCI DSS is made up of twelve general compliance requirements organised around six primary goals. Each of the twelve requirements has more specific compliance steps and they all add up to a comprehensive information security program for protecting credit card numbers and other sensitive cardholder data from loss or compromise.
Where possible, organisations will seek to automate the continuous and mundane aspects of this compliance programme. The MetaCompliance Suite of software products from Baronscourt can assist organisations specifically with PCI requirement 12.
PCI Requirement 12: Maintain a policy that addresses information security for employees and contractors.
The PCI guidelines state that a strong security policy sets the security tone for the whole company and informs employees what is expected of them. All employees should be aware of the sensitivity of data and their responsibilities for protecting it.
For most organisations of any scale, automation of structured policy and awareness communication is the only credible approach. The MetaCompliance Intelligent Policy and User Awareness Software can enforce user response to PCI policies and communications; it will also collect the backup data essential for use in audits and security incidents.
The software will also automate essential user feedback in the form of ongoing surveys and internal audits. Organisations can measure their performance over time and determine whether user awareness is improving.
MetaCompliance compliance solutions can assist your organisation with PCI DSS in the following areas.
- Security policy communication and management
- Policy Review and approval
- Policy awareness review and measurement
- IT security audits and risk assessments
- Security policy communication to non-computer users, e.g. checkout staff
The MetaCompliance suite helps organisations avoid costly fines and protect brand integrity and customer trust. The software reduces the exposure of information security initiatives to repeat auditing and regulatory violations. Our solution reduces the cost of audits and the complexity of compliance whilst strengthening your organisational security posture across departmental and global boundaries.