The Verizon 2015 PCI Compliance Report revealed that nearly 80% of all businesses fail their interim PCI compliance assessment, leaving them vulnerable to cyber attacks. The report mentions that many organisations’ security measures aren’t slowing attackers down, as demonstrated by the scale of recent payment-data breaches.
Researchers at Verizon have found that organisations that suffered a data breach consistently demonstrated low compliance rates with several key PCI DSS controls.
The three core areas where organisations fall short are the following:
- Regularly testing security systems
- Maintaining secure systems
- Protecting stored data
The PCI DSS compliance audit is a mandatory, annual process for organisations that store, transmit or manage high volumes of payment card data (typically more than six million annual transactions). The Report on Compliance (ROC) audit provides a thorough assessment of whether the organisation is compliant with the PCI DSS and points out key areas for remediation. Achieving a successful ROC audit means the organisation has taken the necessary steps to secure its cardholder data.
Getting ready for a PCI compliance audit is a tough and burdensome process. Failing to pass an ROC audit, however, can result in costly remediation activities and unnecessarily expose the organisation to critical vulnerabilities.
Download the new green paper "PCI Audit Success in Nine Essential Steps" to ensure you meet the PCI DSS’s full set of requirements.
IT Governance can help your business pass a PCI audit at the first attempt. Contact us now for a pre-audit assessment to ensure you are compliant by the time your audit is due.