PCI DSS, the global standard for securing payment card data, applies to all entities that store, process and/or transmit payment card data. Requirement 12 requires that you maintain a policy that addresses information security, and compliance with it is mandatory from September 2010.
The recent run of high-profile data loss incidents to hit the headlines highlights how important it is for organisations to protect their brand by ensuring their customers’ credit card details are securely managed. The retailing giant TK Maxx is perhaps the most high-profile case in recent years; however, the growth of online consumerism has resulted in an extended network of consumer organisations spanning public and private sector industries such as universities, local authorities, utility companies and leisure and hospitality operators.
Industry professionals agree that compliance is easily achievable if you have a good policy and control framework in place. It is not enough to attempt compliance: the onus is on the organisation to prove it or, as Tom Cruise said in the movie A Few Good Men, “It doesn’t matter what I think, it only matters what I can prove”. The same holds true when you are audited on policy compliance.
Automation is key to an efficient and effective system of PCI DSS policy compliance. MetaCompliance, the UK’s market-leading provider of IT GRC software, has helped organisations such as Travelex, Payment Shield, GB Group and JD Williams implement a sustainable solution that guarantees 100% participation across the entire organisation and allows you to evidence user awareness and participation over time.