by Gerdien van den Bosch | Mar 8, 2021 | Compliance, PCI DSS
PCI DSS Compliance comes in multiple parts. For some, the hardest part might seem to be the road to compliance, but in fact, we see many organizations struggling with remaining compliant: PCI DSS is not a single-use task that is done at a certain date but requires...
by Gerdien van den Bosch | Dec 10, 2019 | Compliance, PCI DSS
PCI DSS has incorporated new requirements in the latest version 3.2.1. Within the new requirements for service providers, there is one of the requirements (3.5.1) which requires maintaining the documented cryptographic architecture where the algorithms, protocols and...
by Gerdien van den Bosch | Nov 18, 2019 | Compliance, PCI DSS
Many merchants and service providers choose the path of self-validating. They perform all validation steps themselves and record their progress in the Self-Assessment Questionnaires (SAQ) and report their status in the Attestation of Compliance. A PCI Compliance...
by Gerdien van den Bosch | Oct 29, 2019 | Compliance, PCI DSS
Getting compliant to PCI DSS is not an easy task. It requires dedication, some inspiration and certainly a lot of perspiration. During the annual assessment, we witness the many hours of work spent by various teams in order to achieve or maintain compliance. But we...
by Gerdien van den Bosch | Oct 1, 2019 | Compliance, PCI DSS
We still have clients ask us this question from time to time. Unfortunately, simply encrypting Cardholder data (CHD) doesn’t necessarily de-scope it. Under most circumstances, if encrypted CHD is stored, processed or transmitted it will still be in the scope of PCI...
by Gerdien van den Bosch | Aug 26, 2019 | Compliance, PCI DSS
Complying to PCI DSS requires you to have both documented processes and policies in place. Remember: PCI DSS is about People, Processes and Technology. The processes are usually described in policy and process documentation. You have to supply these documents as...