PCI Compliance Maintenance

PSC's unique service offering in this area focuses on managing the sustaining compliance activities needed to reduce deviations and exceptions; establishes a transition plan and compliance activities to meet new security standards; reduces annual PCI DSS assessment time and overall effort by managing continual compliance demonstration; and increases compliance by eliminating compensating controls and monitoring important security activities. Maintaining PCI-DSS compliance between assessments is an extremely challenging proposition; it cannot be treated as a once-a-year event.

Why constant Maintenance?

Maintaining PCI-DSS compliance can be difficult throughout the year, and then the entity is faced with the yearly assessment, remediation and a race to achieve compliance before the anniversary date. Constant maintenance and continued vigilance are required to promote best practices across the organization and to prevent a security breach or data compromise.

PSC Solution

PSC can implement a yearly program to spread the assessment challenge over the entire year, with monthly check in calls and quarterly onsite visits by a QSA to assist in maintaining compliance.

Each quarterly visit covers a selection of PCI-DSS requirements, reviews the prior quarter's evidence gathering, and confirms that the activities that should take place on a regular basis have been performed.

These activities include review of firewall rules where they have changed; software updates and patches; updates to configuration standards; development code reviews; new employee background checks; media inventories; quarterly wireless scans; external quarterly ASV scans; internal scans; penetration testing; training of staff (awareness, secure development and incident response); and monitoring of service providers' PCI status, among others.

The advantage of quarterly PCI-DSS reviews:

  • Focus on discrete sections of the standard over the year
  • Remediate any issues that arise over the yearly program
  • Confirm that new projects are still maintaining compliance
  • Validate that evidence is being gathered at appropriate times during the year
