Annual Plan – PCI DSS Compliance
Many merchants and service providers choose the path of self-validating. They perform all validation steps themselves and record their progress in the Self-Assessment Questionnaires (SAQ) and report their status in the Attestation of Compliance. A PCI Compliance...
How to Maintain PCI Compliance?
Getting compliant to PCI DSS is not an easy task. It requires dedication, some inspiration and certainly a lot of perspiration. During the annual assessment, we witness the many hours of work spent by various teams in order to achieve or maintain compliance. But we...
Everything is encrypted therefore PCI DSS doesn’t apply?
We still have clients ask us this question from time to time. Unfortunately, simply encrypting Cardholder data (CHD) doesn’t necessarily de-scope it. Under most circumstances, if encrypted CHD is stored, processed or transmitted it will still be in the scope of PCI...
All you need to know about PCI DSS & Documentation
Complying to PCI DSS requires you to have both documented processes and policies in place. Remember: PCI DSS is about People, Processes and Technology. The processes are usually described in policy and process documentation. You have to supply these documents as...
What Is a PCI ROC? 4 Reasons Why You Need One
Why organizations should consider having a PCI Report on Compliance completed, even if the acquiring bank is not requiring one.The Report On Compliance is mostly referred to as “ROC”. We often see our customers struggle to understand the differences between the PCI...
Requirement 12 of PCI DSS explained
This blog is part of a blog series on the 12 requirements of PCI DSS. We discuss the common challenges and explain what kind of evidence is needed to comply with the requirement. Here we discuss: Requirement 12: Maintain a policy that addresses information security...