PCI Compliance for Remote Working

Ensure your remote working solution is PCI compliant

The recent shift to relying heavily on remote working can introduce significant risks for PCI-compliant organisations.

Our service assesses your remote working policies, processes and technology to advise how your homeworking solution fits within the PCI DSS control framework, focusing on:

• Individual user hardware/platforms;
• Individual user software (including operating systems);
• Wi-Fi;
• BYOD (bring your own device);
• Encryption (transmission); and
• Organisational policy and processes.

 Download the full service description.

About this service

This service is conducted remotely, during which the consultant collects information about your organisation and its remote working arrangements. This information will be compared to your organisation’s information security and data protection requirements, and against best practice.

The consultant will address each of the key PCI DSS requirements that remote working can affect.

The result is a high-level report and remote working action plan that identify key findings relative to specific PCI DSS controls.

The report will identify in detail the extent to which your organisation’s remote working activities meet its information security and data protection requirements, while the action plan prioritises the key issues your organisation must address to meet those requirements.

Conditions

• This service applies to any organisation that is PCI DSS compliant or is looking to achieve compliance in the immediate future.
• You will need to provide overviews of your people, processes and technology in order to proceed on schedule and fulfil the objectives. Our consultants rely on the information you provide to give you the most prudent advice relative to your organisation’s environment.
• While not essential, IT Governance recommends appointing an internal project coordinator to host meetings and to ensure all required information is provided on time.