Completing PCI DSS audit requirements is a nightmare. With Omega’s help, make the process painless.
What should retailers expect before addressing the PCI DSS requirements?
- Policies – Written policies detailing how data is protected, log reports to support them, and evidence showing that what is written in the policy is indeed what’s followed in practice.
- Documentation – Step-by-step written documentation with proof that the steps are followed.
- Network diagrams, infrastructure, connected devices, wireless connections.
- Review of technologies used, such as firewalls, routers, switches, web servers, application servers, anti-virus, anti-malware, secure remote control access solutions, file integrity monitoring, etc.
- Detailed logs from all store systems, devices and servers in the card data environment (CDE).
- All applications, hardware and software that are in scope in the CDE.
- List of third-party vendors.
- Proof of third-party vendor compliance.
- Ongoing records such as internal and external vulnerability scan results for the last few quarters.
- Access to all areas of the business – both physical access and access to documentation/proof of everything listed in the Information Security Policy.
- Incident Response Plan with evidence of execution.
- Knowledgeable, dedicated personnel to answer the QSA’s questions.
How should the retailer prepare for the PCI DSS audit requests?
Hire a Managed Security Services Provider. Omega ATC will help with the preparation from start to finish, from gap analysis to remediation of gaps and collection of the evidence required for an audit.
PCI DSS audits are not that bad
Keep faith that if you have done at least 50% of the prep work for the first year of an audit before your auditor comes in, you will be able to address the rest with the help of Omega. This is inclusive of a pre-audit gap assessment and prep work.
Call Omega for questions or guidance on your compliance audit at 636-557-777. As a Level 1 certified Managed Security Service Provider, Omega works with the retailers’ best interests in mind and can lead you to a successful completion of an audit every year.