Ely, England, 20 October 2011 – IT Governance Ltd, the PCI and information security experts, are warning that due to an increasing number of payment card breaches within both the merchant and service provider industries, organisations are now receiving increased pressure from acquirers and card brands to become PCI DSS compliant. Using specialist PCI DSS consultancy services will take pressure off organisations, whilst enabling them to continue sustained business operations effectively.
The purpose of PCI DSS is to ensure that confidential cardholder data is always secure. The PCI DSS specifies 12 requirements and uses a best-practice approach for securing sensitive information. However, many companies are still struggling to demonstrate compliance with the Standard, despite spending money on compliance. According to Verizon’s recent 2011 report on PCI compliance, 79% of the organisations assessed were not PCI compliant and, more worryingly, 90% of organisations that were hit with a data breach were not PCI compliant.
One of the main reasons for organisations to comply with PCI is that they have to. Any organisation which processes, transmits or stores payment card data must comply with the Standard. This includes companies that provide merchants with commerce-related services, such as web hosting. Although PCI is not a law, it is enforceable by the credit card brands through contractual penalties or sanctions.
Alan Calder, CEO of IT Governance, says, “Most of the challenge in implementing PCI lies in the technical and administrative aspects of the Standard. Organisations are struggling to meet the PCI DSS requirements due to the constantly changing security exploits. Ongoing validation of security efforts is necessary, and these need to be co-ordinated and integrated within the overall business process.”
Bringing consultants on board is a strategic decision, particularly for those organisations which have already failed once to meet the PCI DSS requirements. Contrary to the belief that consultancy is an expensive service, some companies are beginning to realise that bringing experts on board to do the hard work eventually pays off. This means that organisations are saving time and resources and, more importantly, they get everything right on the first attempt.
IT Governance is a renowned company in the information security and compliance sector. It has a team of experienced consultants who have helped a lot of clients to successfully meet the PCI DSS requirements and become compliant within the desired timescale. IT Governance’s flexible and tailored PCI DSS consultancy services can meet the requirements of any organisation’s compliance process. The company also offers special PCI Compliance Services for the Smaller Business.
Alan Calder comments, “Our consultancy services are bespoke and cost effective. This is what our clients are looking for. We can do anything from scoping and gap analysis through to design and implementation of the whole PCI project. We use a unique mentor and coach approach, which means that, while we are assisting organisations to become compliant, we are also passing knowledge to the project team.”
Complementing their PCI DSS consultancy services, IT Governance provides PCI Foundation training designed for those members of staff who need to get to grips with the PCI DSS requirements.
Organisations can find out more about IT Governance’s PCI DSS consultancy services here: www.itgovernance.co.uk/pci-consultancy.aspx. They can also call the company’s friendly and helpful service centre team on telephone number +44 (0)845 070 1750, or send an e-mail to email@example.com.