Learn about the 5 biggest mistakes often made when undertaking PCI DSS compliance.
Dallas, TX (PRWEB) January 03, 2013
PCI DSS compliance can be a challenging task for many businesses, as considerable operational and financial resources must be allocated to see it through. Getting off on the wrong track makes it harder still: many organizations unknowingly make a number of common mistakes on their way to PCI compliance, costing them large sums of money and many operational man-hours. Merchants and service providers who avoid the 5 biggest mistakes made when undertaking PCI compliance can save considerable time and money across their entire organization. This list was developed by PCI-QSA Charles Denyer of NDB Advisory, one of the nation's most experienced and well-recognized Qualified Security Assessors.
1. Not conducting a formal Readiness Assessment. Jumping into PCI compliance without first understanding the operational commitments, the remediation effort, and the other critical issues involved is not recommended. A readiness assessment identifies the gaps between current practice and the PCI DSS requirements before the formal assessment begins. Spend time getting to know what PCI is all about and answering the "who, what, when, where, and why" of this ever-expanding compliance mandate.
2. Little or no buy-in from senior management. Going it alone is not a good idea; management backing is essential to the success of any PCI compliance effort, because remediation requires budget, staff time, and decisions that only senior management can authorize.
3. Failing to understand PCI scope. Being compliant with the PCI DSS provisions means knowing which system components within one's organization must actually meet the stated requirements: every system that stores, processes, or transmits cardholder data, and every system connected to or able to affect the security of those systems. It also means identifying the third-party organizations that support one's cardholder data environment (CDE), in whatever capacity that may be, since their services are part of the scope as well. Get scope right first; every later step depends on it.
4. Not conducting remediation efforts. It is critical to remediate ALL items in scope for PCI compliance, not just a chosen few. Remember, a Qualified Security Assessor (QSA) can choose to assess any number of items within the entire defined population, so an unremediated in-scope system is a finding waiting to happen.
5. Failing to recognize the importance of policies and procedures. Another big and growing issue is the lack of documented policies and procedures. Use a trusted QSA to author them, or find a high-quality set of templates available for immediate purchase; either way, the documents must be tailored to the organization's actual environment and followed in practice, because assessors verify that policies are in use, not merely on file.
Contact PCI-QSA Charles Denyer at 1-800-277-5415, ext. 705, to learn more about PCI DSS compliance.
Author: Charles Denyer