To meet the evolving and complex needs of payment security, the PCI Security Council, a global payment security forum, announced on March 31 it has published its version 4.0 of the PCI Data Security Standard (PCI DSS). PCI DSS provides a baseline of technical and operational PCI DSS compliance requirements that are designed to protect […]

Some organizations consider compliance audits a cost of doing business: resource-intensive and time-consuming, but a necessary step toward securing a new contract or maintaining an existing agreement. However, this view doesn’t take into account the full impact of a robust cybersecurity program – especially in today’s competitive landscape. Strategic Compliance Consumers have higher expectations for […]

Compliance audits require a significant amount of documentation. Whether you’re working toward a SOC report, a HITRUST certification, a PCI Report on Compliance, or any other security initiative, you will need to provide your auditor with formal evidence that your policies and processes are designed in accordance with relevant requirements. The documents you will need […]

Key objectives of the PCI DSS 4.0 update: Continue to provide the critical foundation for securing payment data Promote security as an ongoing process Improve flexibility for organizations using a wide range of technologies Enhance validation methods and procedures PCI 4.0 vs 3.2 Since version 3.2 of the PCI DSS was introduced, the technology used […]

If a customer (or prospect) has asked you to provide a System and Organizational Controls (SOC) report, you have a valuable opportunity to communicate important information about your risk management and compliance program. In most cases, these organizations are looking for proof that you can protect any confidential information that they entrust you with. If […]