
PCI Compliance Maintenance

PSC's unique service offering in this area focuses on managing ongoing compliance activities to reduce deviations and exceptions; establishes a transition plan and compliance activities to meet new security standards; reduces annual PCI DSS assessment time and overall effort by managing continual demonstration of compliance; and increases compliance by eliminating compensating controls and monitoring important security activities. Maintaining PCI-DSS compliance between assessments is an extremely challenging proposition; it cannot be treated as a once-a-year event.


Why Constant Maintenance?

Maintaining PCI-DSS compliance can be difficult throughout the year, and then the entity is faced with the yearly assessment, remediation, and a race to achieve compliance before the anniversary date. Constant maintenance and continued vigilance are required to promote best practices across the organization and to prevent a security breach or data compromise.


PSC Solution

PSC can implement a yearly program that spreads the assessment effort over the entire year, with monthly check-in calls and quarterly onsite visits by a QSA to assist in maintaining compliance.

Each quarterly visit covers a selection of PCI-DSS requirements, reviews the prior quarter's evidence gathering, and confirms that the activities that should take place on a regular basis have been performed.

These activities include review of firewall rules where they have changed; software updates and patches; updates to configuration standards; development code reviews; new-employee background checks; media inventories; quarterly wireless scans; quarterly external ASV scans; internal scans; penetration testing; staff training (awareness, secure development and incident response); and monitoring of service providers' PCI status.

The advantages of quarterly PCI-DSS reviews:

  • Focus on discrete sections of the standard over the year
  • Remediate any issues that arise over the yearly program
  • Confirm that new projects are still maintaining compliance
  • Validate that evidence is being gathered at appropriate times during the year