MetaCompliance: Enabling user awareness for PCI security compliance. User awareness plays a crucial role in PCI security compliance; with 51% of businesses indicating that their data is attacked daily and hourly (Ponemon Institute 2009), a vigilant, aware user population provides an essential line of defence in the battle for data security. However, this is often the last area of the PCI DSS to be addressed.
Requirement 12 (Maintain a policy that addresses information security) recognises the significant threat that user negligence presents to the security of data held within systems. It is essential for both PCI security compliance and IT assurance best practice that organisations develop a robust, sustainable awareness programme that allows for continual communication with the entire employee population; this is simply not achievable using email or web-based methods.
MetaCompliance delivers the verifiable communication that is necessary to demonstrate due care to auditors and regulators. At the core of the MetaCompliance communication engine lies the unique ability to elicit, and enforce, a response from all users who have access to information, including third parties and new employees. Unique targeting and dynamic scheduling capabilities ensure that employees are presented with role-appropriate information at the time of most benefit to the organisation. The software automates the mundane, repetitive processes associated with managing user awareness, mitigating the risk of human error.
The MetaCompliance governance lifecycle promotes a process of continual risk assessment, policy management, and measurement and testing of awareness and understanding, in effect streamlining governance activities to address those areas that present the most immediate risk to the security of information held within systems. This approach allows organisations to achieve and maintain PCI security compliance, and to develop the automated, repeatable processes that are required for best practice IT assurance.
88% of data breaches can be attributed to user negligence. The costs of a breach under PCI DSS are significant, and extend far beyond the initial fines and penalties levied by the payment card brands. Companies simply can no longer afford to ignore the risk that the user presents to the security of information. MetaCompliance delivers the sustainable user awareness required to maintain PCI compliance, mitigate the risk of human error, and achieve best practice IT assurance.