Have you identified a scope that focuses on Card Handling Processes?
Have you installed and tested your firewall and router configuration to protect cardholder data?
Have you changed all your vendor-supplied defaults for system passwords and other security parameters?
Do you keep cardholder data storage to a minimum, and have you implemented a data retention policy that includes disposal procedures?
Do you encrypt the transmission of cardholder data across open and public networks?
Have you implemented controls to protect all systems against malware and do you regularly update anti-virus software or programs?
Do you develop and maintain secure systems and applications?
Have you successfully implemented controls to restrict access to cardholder data on a ‘need to know’ basis?
Do you have processes in place to identify and authenticate access to system components for users?
Do you restrict physical access to cardholder data?
Do you track and monitor all access to network resources and cardholder data?
Do you regularly test security systems and processes?
Do you maintain a policy that addresses information security for all personnel?
Simply select which option most fits where you are in the DSS planning process.
Your results are mostly...
It looks like you’ve got everything covered and your compliance programme is advancing well. Of course, we both know that there is much more to PCI DSS compliance! If you would like to learn more about the standard and how you can benefit from a detailed review, please complete the form opposite and we will get in touch to discuss how we can help you improve and benefit from your PCI DSS compliance programme.
PCI DSS isn’t a simple ‘tick box’ exercise, so it’s no surprise that you still have some work to do. It’s important to get the basics in place, so take the test again, note the areas you were unsure about and tackle those first. Being confident that you have the answers to these questions will help drive your compliance programme forward. If you’re still concerned about your score or would like to know more about how to do this, please complete the form opposite and we will get in touch to discuss how we can help close the gaps in your PCI DSS compliance programme.
PCI DSS is a very detailed, rule-based standard, so don’t be shocked by this result. It’s not easy, and there are over 250 controls to think about! Our advice would be to approach this as a business risk and a compliance problem, not merely an IT issue. So first gain senior management support to develop a compliance programme and a team to support you on this journey. Of course, we are on hand should you need help, advice and guidance along the way. Please complete the form opposite and we will get in touch to discuss your PCI DSS compliance needs.