Moving beyond PCI DSS compliance

Whenever I discuss the PCI DSS (which isn’t very often) I always mention that it’s just a baseline. Compliance with the PCI DSS doesn’t make an organisation secure, but it does a great job at helping to mitigate the majority of attacks, as well as teaching an organisation the importance of security.

Organisations that comply with the PCI DSS to the minimum required level should feel more inclined to step it up and go beyond what’s expected of them.

Appletree Communications went beyond what was expected of them. As their business expanded, so did the size and sensitivity of the data that they held.

Appletree didn’t want to just achieve the minimum security that they had to; they wanted to achieve the highest level of PCI compliance and go beyond mere requirements.

