I recently read an article about a study comparing organizations that had achieved PCI DSS compliance but, when revisited a year later, had fallen out of compliance.
There is usually a big push to get ready for your QSA (Qualified Security Assessor) to arrive on-site for the validation and completion of the ROC (Report on Compliance), if your merchant or service-provider level requires an on-site assessment rather than a Self-Assessment Questionnaire. The thing is, the validation and the ROC are a snapshot in time: they attest to the state of your environment on the days the assessor looked at it, not to the year that follows.
Staying PCI DSS compliant takes ongoing effort: log management and log review, quarterly vulnerability scans with passing results (external scans performed by an Approved Scanning Vendor, plus internal scans), an annual penetration test, and the time to fix the findings from both the scans and the penetration test, then rescan to confirm the fixes.
And none of that accounts for regular business operations and growth. The new data center you've added, a change in a business process that affects how card data is handled, a new solution that changed something in your environment: any of these can pull systems into scope or break a control, and take you out of PCI compliance.
At HALOCK Security Labs, we work with our clients in partnership. We're here to help you get PCI compliant and stay PCI compliant. How do we do that? We usually suggest a preparedness assessment prior to the actual validation. You might think you're ready, but the QSA may not agree, and you would rather find that out early than on the day the QSA is on site to do the actual validation.
We are also available to our clients on a Counseling & Advisory basis. So, when you are considering adding something new to your environment and are unsure how it may affect your compliance, call us. We're here to help. We want to see you stay PCI compliant as much as you do!
Sr. Account Executive