The change in annual PCI audit requirements this year is affecting thousands of businesses.
Chesapeake, VA (PRWEB) October 16, 2012
Sera-Brynn, a premiere cyber security firm and PCI QSA staffed and led by former National Intelligence and Military Information Security professionals, has developed an audit program specifically designed to aid Level 2 merchants cost effectively meet their mandatory annual PCI compliance requirements.
As of June 30, 2012, businesses that process more than one million, but less than, and including, six million credit card transactions annually can no longer satisfy PCI compliance certification with a Self-Assessment Questionnaire, or SAQ. They must either validate their compliance with an internal audit by a qualified Internal Security Auditor certified by PCI, or utilize a QSA. Most companies use a QSA.
“Our approach starts with assessing their network and discovering where the cardholder data are located,” said John Kipp, Sera-Brynn’s Chief Operating Officer. “In this Trusted Advisor role, in most cases, we can limit the exposure of PCI ‘in-scope’ data, which significantly decreases the cost of future assessments and audits.”
“The key for merchants is to find a trusted advisor QSA who can help them navigate the technical requirements,” said Kipp.
PCI Data Security Standards (PCI-DSS) apply to any business that processes, transmits or stores credit card information. The purpose of the DSS is to protect individual cardholder data. QSAs are the only companies authorized by the Payment Card Industry to audit those security practices.
“This is an important program,” said Rob Hegedus, Sera-Brynn’s Chief Executive Officer. “The change in annual audit requirements affects thousands of businesses, and many of them are simply unprepared to accomplish the myriad cyber security controls required by the PCI Security Standards Council.”
“We can help businesses through the entire audit process, and ensure they are as secure as possible while providing significant cost savings in future compliance audits,” said Hegedus.