Cut PCI Compliance and Audit Costs in Half

Seven steps to simplify and secure what really matters.
 Join Now

If you're already a member, click here to log in.

Major Business Pain Points

  • Many merchants still have not addressed their PCI compliance obligations, or if they are currently in the middle of the process (or even completed it), are unaware of how to do it in a cost-effective way and get bogged down in the details.
  • Organizations need to understand the options available to them to simplify PCI compliance while still meeting the criteria.
Cut PCI Compliance and Audit Costs in Half-Pain Points

Recommendations

Key Points

  • Organizations need to realize that focusing on compliance over security doesn’t actually address the risks they face.
  • The focus should be on securing what is absolutely necessary, which means that holding onto credit card information may not be required.
  • PCI compliance is not just about technology. Organizations need an action plan that combines technology, policy, and training and awareness to ensure compliance success.
  • PCI does not just belong to one department – it is an organization-wide responsibility, from finance, to IT, to employees who are at the forefront of handling the transactions.

Approach

Cut PCI Compliance and Audit Costs in Half-Recommendations
  • Understand what your organization needs to achieve PCI compliance, and use that information to find opportunities to simplify.
  • Creating an action plan that involves all related parties ensures that everyone starts off on the same page and cooperatively tackles compliance as a team, rather than disjointed parties. Organizations will find more success with a group effort.
 Subscribe to Premium

Methodology and Tools

1. Understand the importance of becoming PCI compliant

Understand the effects of remaining non-compliant, and what it costs to reach compliance.

  • Cut PCI Compliance and Audit Costs in Half - Storyboard

2. Record compliance-related information and identify opportunities to do compliance better

Use the capture tool to identify gaps and opportunities, as well as specific strategies that work best with your organization’s requirements.

  • PCI Simplification Capture Tool

3. Review 12 PCI Core Requirements

Review each requirement and the key actions you need to take to address them.

4. Determine Simplification Strategy and Communication Plan

Create a communication document to properly inform stakeholders and secure their buy-in. Document and maintain all PCI related information in one central location.

  • PCI DSS Compliance Communication Plan
  • PCI DSS Action Plan

All resources on this page are provided to Cyber Leadership Hub members under license from third parties including Info-Tech Research Group Inc, a global leader in providing IT research and advice.