The 2014 Verizon report indicates that 9 out of 10 failed their PCI DSS baseline assessment.
Here are some excerpts from the report:
- “Organizations that are breached tend to be less compliant with PCI DSS than the average of organizations in our research.”
- “Compliance remains a major issue”
- “The vast majority of organizations are still not sufficiently mature in their ability to implement and maintain a quality, sustainable PCI Security compliance program.”
- “According to our research, only around one in ten organizations were fully compliant with PCI DSS 2.0 at the time of their baseline assessment.” (how few were compliant 1 month after? 3 months? 6 months?)
- “… we feel that as organizations begin to prepare for validation, they will start to realize how significant a step forward DSS 3.0 is”
Here are five key recommendations provided by experts
1. DON’T UNDERESTIMATE THE EFFORT INVOLVED
PCI compliance needs time, money, and executive sponsorship. It needs to be part of everybody’s job — application developers, system administrators, executives, and even staff in shops and call centers — not just left to the IT security team.
2. MAKE COMPLIANCE SUSTAINABLE
There are thousands of tasks that an organization must complete throughout the year to stay compliant. To be sustainable, compliance needs to be embedded in “business as usual” as an ongoing process.
3. THINK OF COMPLIANCE IN A WIDER CONTEXT
The best thing you can do as an organization to simplify your PCI compliance workload and achieve real security is to put your compliance program within your wider governance, risk, and compliance strategy.
4. LEVERAGE COMPLIANCE AS AN OPPORTUNITY
Done right, PCI Security compliance can drive process improvements, identify opportunities to consolidate infrastructure, and generate additional equity. Think of it as an opportunity, not a burden.
5. FOCUS ON SCOPING
There is lots of misunderstanding around how to keep systems out of scope, but there are clear best practices to follow. The first is to store less data on fewer systems. This not only makes achieving compliance easier, it can also save you money on storage and backup
Where can you find the right guidance to help protect your data and stay compliant?
Omega ATC is an expert partner in guiding you with the completion of a successful QSA audit. After years of experience and working with businesses of all merchant levels, we understand what to address to keep your data secure and help you remain compliant. Get in touch with us.