It should be easy. The PCI DSS has been around since 2005 and there are numerous vendors offering solutions to help you deliver compliance – from firewalls and encryption, through to access control and ready-made policies.
Despite these solutions, it seems that many organisations still struggle to get to grips with the requirements of the PCI DSS.
During the development of our new PCI Implementation training course, our PCI training consultancy team has spent time exploring why even experienced information security professionals can find achieving PCI DSS compliance daunting, complex and often costly.
Here are some of our views on why it’s not always easy:
- Whilst PCI DSS requirements have remained roughly the same, threats to security have increased significantly – making implementation of the standard much more complex.
- Organisations have expanded to have more offices, users, software and data – making compliance more challenging.
- The PCI DSS Self-Assessment Questionnaires (SAQs) remain confusing, particularly for small companies.
- Failing to determine the ‘scope’ of the cardholder data environment properly at the start of a project is common, and can mean that the project’s time and costs are not fully understood.
- Payment relationships between suppliers have become far more complex (who is compliant in your cloud?).
With these issues in mind, we have developed the PCI Implementation and Maintenance course to make your route to compliance as easy as possible. Our practical, independent approach is based on our experience as a Qualified Security Assessor and will give you the skills to deliver a cost-effective, time-efficient implementation and maintenance project.