PCI Compliance Maintenance
PSC’s unique service offering in this area focuses on managing sustaining compliance activities to reduce deviations and exceptions; establishes a transition plan and compliance activities to meet new security standards; reduces annual PCI DSS assessment time and overall effort by managing continual compliance demonstration; and increases compliance by eliminating compensating controls and monitoring important security activities. Maintaining PCI DSS compliance between assessments is an extremely challenging proposition; it cannot be treated as a once-a-year event.
Why constant maintenance?
Maintaining PCI DSS compliance can be difficult throughout the year, and then the entity is faced with the yearly assessment, remediation and a race to achieve compliance before the anniversary date. Constant maintenance and continued vigilance are required to promote best practices across the organization and to prevent a security breach or data compromise.
PSC can implement a yearly program that spreads the assessment challenge over the entire year, with monthly check-in calls and quarterly onsite visits by a QSA to assist in maintaining compliance.
Each quarterly visit covers a selection of PCI DSS requirements, reviews the prior quarter's evidence gathering and confirms that the activities that should take place on a regular basis have been performed.
These activities include review of firewall rules if these have changed; software updates and patches; updates to configuration standards; development code reviews; new employee background checks; media inventories; quarterly wireless scans; external quarterly ASV scans; internal scans; penetration testing; training of staff (awareness, secure development and incident response); and monitoring of service providers' PCI status.
The advantages of quarterly PCI DSS reviews:
- Focus on discrete sections of the standard over the year
- Remediate any issues that arise over the yearly program
- Confirm that new projects are still maintaining compliance
- Validate that evidence is being gathered at appropriate times during the year
Please contact us for more information.