PCI DSS Compliance, Certification, Consultant Oklahoma – SAQ Help, Policies, Templates, and More

PCI DSS Compliance, Certification, Consultant Oklahoma

Are you a merchant or service provider in Oklahoma and in need of PCI compliance and certification assistance from a proven, trusted provider – a firm that offers fixed-fee pricing and superior services? Then contact the Oklahoma PCI DSS compliance and certification experts at Materdei Consulting, LLC at pci@pcipolicyportal.com today. As Oklahoma natives – our founding partners were raised in Waynoka and Clinton, OK – the Sooner State is home to us, so turn to the PCI professionals today.

Comprehensive PCI DSS SAQ Solutions for Oklahoma Businesses

We offer numerous PCI compliance and certification services for Oklahoma businesses, such as PCI scoping & readiness assessments, PCI policies and procedures packets, strategy and consulting services, assistance with selecting security tools and solutions for compliance, and much more. Look at us as your one-stop shop for Oklahoma PCI compliance. Visit pcipolicyportal.com to learn more about our products, services, and solutions, especially our award-winning PCI Policy Packets, available for instant download for both Level 1 onsite QSA assessments, and for the following SAQ requirements:

  • SAQ A
  • SAQ A-EP
  • SAQ B
  • SAQ B-IP
  • SAQ C
  • SAQ C-VT
  • SAQ P2PE-HW
  • SAQ D for Merchants
  • SAQ D for Service Providers

Oklahoma’s PCI Compliance Experts – Fixed-Fee Prices – Let’s Talk

You don’t have to spend tens of thousands of dollars on PCI compliance, and you don’t have to allocate hundreds of internal man-hours for PCI compliance. Let Materdei Consulting, LLC show you a better way – contact us today at pci@pcipolicyportal.com to learn more. Merchants and service providers in Oklahoma now have a proven and trusted source for PCI DSS compliance and certification. As a full-service compliance firm to Oklahoma businesses, Materdei Consulting, LLC offers the following PCI solutions:

PCI DSS Scoping & Readiness Assessments: One of the most fundamentally important initiatives to undertake for ensuring a successful PCI compliance certification process is performing a scoping & readiness assessment. No, it’s not just another expense to add to your engagement, it’s a highly beneficial process that yields significant findings for helping Oklahoma businesses identify and remediate critical gaps, while also confirming essential scoping boundaries. The more you know in terms of PCI compliance, the greater your chances of achieving certification on time, within budget, and with minimal headaches.

PCI compliance for Oklahoma businesses can be an incredibly challenging and expensive proposition, but it doesn’t have to be, all the more reason for performing a scoping & readiness assessment. Having a clear roadmap in front of you in terms of deliverables, milestones, and expectations is the real benefit of a scoping & readiness assessment, so contact us today at pci@pcipolicyportal.com to learn more.

Policy Writing: Our signature product, offered since 2009, is PCI policies and procedures for merchants and service providers. Professionally researched and easy to use and implement, they’ve been saving clients thousands of dollars. If you need that extra level of policy customization, we offer policy writing services for Oklahoma businesses.

PCI SAQ Help: Performing a PCI DSS Self-Assessment via any number of the actual Self-Assessment Questionnaire (SAQ) documents can be an incredibly trying experience. Sure, it’s an SAQ, which means you don’t need the services of a Payment Card Industry Qualified Security Assessor (PCI-QSA) or some other PCI compliance expert, but it’s probably best you seek out such an individual. Why? Because the SAQ documents have become longer, more in-depth, complex, and demanding. Self-assessing is easier said than done, and it’s why Materdei Consulting, LLC offers comprehensive SAQ consulting and compliance services for Oklahoma businesses. Two of the most commonly utilized SAQ forms – SAQ A-EP and SAQ D – are notorious for being extremely challenging as they require upwards of almost 200 different mandates to be in place within the twelve (12) PCI DSS “Requirements.”

Oklahoma’s PCI SAQ Experts for Merchants and Service Providers

Going it alone on any number of the PCI SAQ documents can get tricky, as you’ll need to ask yourself the following questions for each mandate: (1). Is it in scope and why? (2). Does it require a policy, procedure, or process, and must it be documented? (3). Can a compensating control be used if we cannot meet the original intent of the control? These questions, and many more, often prove challenging to merchants and service providers, so let the PCI experts at Materdei Consulting, LLC assist your business today.

One of the more eye-opening experiences for becoming PCI DSS compliant is the realization that numerous security tools and products often have to be acquired and implemented into one’s environment. With the PCI framework being heavily weighted towards information security – and understandably so – tools such as anti-virus, File Integrity Monitoring (FIM), intrusion detection systems, two-factor authentication, audit and logging mechanisms – and more – are needed. Should you use open source, or not? What are the best tools available for UNIX/Linux and Microsoft systems? Do many of the products offer provisioning services or must we go it alone? These are just a handful of the common questions we help answer for clients by assisting in choosing the right products and services.

There are literally hundreds of vendors offering viable products and services, but who has time to assess their viability for your environment? We do, as Materdei Consulting, LLC has been helping Oklahoma merchants and service providers for years in finding the right solutions at the right price. Choosing the wrong vendor can cost you thousands of dollars, not to mention endless headaches for PCI compliance, so contact us today to learn more. The healthy balance when it comes to sourcing PCI security solutions is knowing exactly what you need, what works in your environment, and getting it successfully implemented – initiatives Materdei Consulting, LLC can assist with.

Contact Oklahoma’s PCI DSS Experts Today

PCI compliance is a strict mandate for businesses in Oklahoma involved in storing, processing, and transmitting of cardholder data. With rising data breaches resulting in the compromise of highly sensitive consumer data – often credit cards – securing your network is now more important than ever. The PCI DSS standards were developed for ensuring a comprehensive information security platform is in place for merchants and service providers all throughout the globe who work with cardholder data, and we’re here to help you with implementation and compliance.

Looking for guidance on critical scoping issues? We can assist. Need help authoring PCI policies and procedures? Our toolkits are the best in the business. Have questions about interpreting the actual PCI DSS standards? Talk to us and we’ll answer the tough questions. Whatever Oklahoma businesses are looking for in terms of PCI compliance, Materdei Consulting, LLC can deliver. Contact us today at pci@pcipolicyportal.com or visit pcipolicyportal.com to learn more.

PCI Compliance & Certification for Retail Stores – 8 Things to Know

PCI DSS compliance and certification for retail stores is an absolute must as such entities are directly involved in storing, processing and transmitting cardholder data. In fact, from a fraud perspective, retail stores are high on the list when it comes to data breaches and theft of cardholder data – there’s no denying that – so it’s time to get serious about information security and protecting consumer credit card information. Nobody wants a data breach – that we can all agree on – so take note of the following 8 important items your business needs to know about regarding PCI compliance and certification for retail stores, courtesy of Materdei Consulting, LLC, the world’s leading provider of PCI policy templates and toolkits.

Our PCI Compliance Toolkits Save Retail Stores Thousands of Dollars

Before we dig into our Top 8 list for PCI compliance and certification for retail stores, remember one thing that’s very important; documentation is often the largest, most challenging, and time-consuming aspect of becoming compliant with the Payment Card Industry Data Security Standards (PCI DSS). That’s right, we’re talking about the huge need for having documented information security and operational policies and procedures in place, an endeavor that can take hundreds of hours and thousands of dollars to develop – but not anymore.

Thanks to our award-winning PCI Policy Toolkit for Storefront Merchants, which contains all essential policies, forms, checklists, templates, and other material, retail stores and storefront merchants can become PCI DSS compliant quickly. Learn more today at pcipolicyportal.com and start saving time and money.

The 8 Most Important Things You Need to Know Regarding PCI Compliance

1. Understand Your Exact Reporting Requirements: The vast majority of retail stores can actually perform a PCI DSS Self-Assessment Questionnaire (SAQ) simply based on the fact that they do NOT meet or exceed the stated transaction volume for having to go through an official Level 1 onsite assessment with a Payment Card Industry Qualified Security Assessor (PCI-QSA). That’s the good news. The more challenging news is that you still need to determine which of the PCI SAQ documents to use (there are a number of them, some limited strictly to e-commerce), which can be confusing in and of itself. Here’s a quick snapshot of the various SAQs that retail stores and other storefront entities would be able to assess against for PCI DSS compliance:

  • SAQ B: Merchants using only imprint machines with no electronic cardholder data storage, and/or standalone, dial-out terminals with no electronic cardholder data storage. Note: Not applicable to e-commerce channels.
  • SAQ B-IP: Merchants using only standalone, PTS-approved payment terminals with an IP connection to the payment processor, with no electronic cardholder data storage. Note: Not applicable to e-commerce channels.
  • SAQ C: Merchants with payment application systems connected to the Internet, no electronic cardholder data storage. Note: Not applicable to e-commerce channels.
  • SAQ C-VT: Merchants who manually enter a single transaction at a time via a keyboard into an Internet-based virtual terminal solution that is provided and hosted by a PCI DSS validated third-party service provider. No electronic cardholder data storage. Note: Not applicable to e-commerce channels.
  • SAQ P2PE-HW: Merchants using only hardware payment terminals that are included in and managed via a validated, PCI SSC-listed P2PE solution, with no electronic cardholder data storage. Note: Not applicable to e-commerce channels.
  • SAQ D for Merchants: All merchants not included in descriptions for the above SAQ types.

Each of the above-referenced SAQs carries with it vastly different reporting requirements, so keep this in mind. Some may require you to perform penetration testing, some may not, and the overall length, complexity, and scope of each of the above SAQs does differ greatly – it all depends on which one you decide to assess against. But remember this, whichever SAQ you assess against, they all require the three (3) P’s – policies, procedures, and processes – and that means documentation, which is what pcipolicyportal.com offers. Additionally, please note that SAQ A and SAQ A-EP are strictly for e-commerce merchants.

2. Know Where Cardholder Data Resides: Sounds easy enough, but you really need to sit down and assess, identify, and ultimately confirm where credit card information resides in your organization, both hard-copy and electronically. Even in today’s digital age, you’d be surprised at the number of retail stores that have cardholder data in hard-copy format, such as old invoices, purchase orders, receipts, and many other locations. Additionally, knowing where cardholder data resides ultimately means knowing how your organization captures credit card information.

It’s why it is critically important to develop a cardholder data flowchart showing the entry/origin, pathway, and exit point(s) of credit card information. When done properly, you’ll be able to readily identify where such cardholder data resides, and that’s the real intent of the exercise for retail stores seeking to become PCI DSS compliant.

3. Put in Place Necessary Documentation: Policies and procedures are a big part of today’s regulatory compliance initiatives – and especially with PCI compliance for retail stores – so it’s important to understand the amount of time and effort needed for developing such materials. Do you really want to spend endless hours authoring PCI policies and procedures – probably not – so simply download the PCI Policy Toolkit for Storefront Merchants and get all the policies, forms, and templates needed for becoming PCI compliant. Perhaps you already have policies in place, but are they written to the exact standards of the PCI framework, and are they even current? Save yourself time and money by using professionally developed, high-quality PCI policies and procedures from pcipolicyportal.com.

4. Implement Security Awareness Training: One of the very best initiatives any business can do – especially retail stores – in terms of helping protect their organization is to put in place comprehensive security awareness training. The world we live in today is radically different from just ten years ago, with threats seemingly everywhere, so now’s the time to get serious about protecting organizational assets, and it begins with high-quality, professionally developed security awareness training programs.

pcipolicyportal.com offers professionally researched and developed PCI security awareness training materials for instant download today as part of the PCI Policy Toolkit for Storefront Merchants. The material is easy-to-use, incredibly comprehensive, and well-written. Forget about spending thousands of dollars on online training for PCI security awareness – use our materials instead!

5. Be on the Lookout for Fraud: It is retail after all, which means fraud is going to happen, no question about it. With that said, you’ll have to keep an eye on the shoplifters, but also people who try to use stolen credit cards to purchase goods. But perhaps the biggest fraud scheme to watch for is internal employees using card skimmers at the Point-of-Sale (POS) devices. Yes, unfortunately internal employees are often the most dangerous types of individuals when it comes to cardholder data breaches. Because of this, retail businesses need to regularly inspect the POS devices, essentially looking for card-skimming readers, and anything else unusual.

6. Implement Security Awareness Training: The real advantage of PCI security awareness training for retail stores is that employees gain valuable knowledge relating to essential security issues, threats, and best practices. But it also lets your workforce know that YOUR business is serious about cardholder data security. This invariably makes malicious employees sometimes think twice before perpetrating some type of internal fraud, as they know the business owner is wise to such tactics and practices. Your internal employees are much more likely to cause greater financial damage and stress in terms of fraud than external individuals – sad but true.

7. Perform a Risk Assessment: Assessing risk is a critical element for any merchant seeking to enhance profits, minimize threats to the organization, while continuing to have a business that’s sustainable for the long-term. Sure, a risk assessment is a requirement for PCI DSS compliance, but it’s also a good idea, and something that every organization should perform. After all, don’t you want to know about threats and challenges that can cause major issues and constraints with your business – sure you do – so perform a risk assessment today and get the answers you need.

Our PCI Policy Toolkit for Storefront Merchants comes complete with a comprehensive, yet easy-to-use risk assessment program, and it’s available for instant download today at pcipolicyportal.com.

8. Continuous Monitoring should be the New Norm: PCI compliance for retail stores also means employing “Continuous Monitoring” activities, the initiatives undertaken for monitoring and ultimately making changes to one’s internal controls for ensuring continued compliance. It can be a difficult challenge, but with high-quality documentation from pcipolicyportal.com, one’s monitoring functions just became that much easier.

Some of the specific items you’ll need to undertake for continuous monitoring are ensuring that Point-of-Sale (POS) terminals/devices have not been tampered with, that employees do not have resources to steal cardholder data, that annual security awareness training is undertaken, and much more. Becoming PCI compliant is one thing, but maintaining it is a whole different battle. For assistance, contact us today at pci@pcipolicyportal.com to learn more about the industry-leading services and solutions offered by Materdei Consulting, LLC regarding PCI compliance for retail businesses throughout North America. PCI compliance for retail entities doesn’t have to be an expensive and time-consuming proposition; hire us and we’ll show what needs to be done.

The World’s Leading Provider of PCI Policies & Toolkits for Retail Stores

Becoming PCI DSS compliant is a strict requirement for retail stores, so download the PCI Policy Toolkit for Storefront Merchants today and save hundreds of hours and thousands of dollars on PCI compliance. Since 2009, Materdei Consulting, LLC – the founders of pcipolicyportal.com – has helped thousands of retail businesses all throughout North America with PCI compliance. From high-quality PCI policies and procedures to professional consulting services – and more – we are the trusted leader for PCI compliance. Visit our website today at pcipolicyportal.com, or contact us at pci@pcipolicyportal.com to learn more.

We also offer expert guidance and recommendations on various tools and other security initiatives for helping retail stores become PCI compliant. From vulnerability scanning tools to File Integrity Monitoring providers, we have a list of high-quality, cost-effective vendors with proven solutions for helping merchants become PCI DSS compliant.

PCI Compliance & Certification for Cloud & SaaS Environments

PCI compliance and certification for cloud providers and SaaS vendors/platforms is a hot topic of discussion these days – and for very good reason – as the continued adoption and migration to cloud based platforms is growing larger by the day. Say goodbye to the antiquated 1990’s client-server architecture and hello to the speed, efficiency, and cost-savings of the cloud. With big rewards come big compliance mandates, which means having credit card information in the cloud requires an extra effort for ensuring the safety and security of consumer cardholder data and any other associated Personally Identifiable Information (PII). The cloud is here to stay – no question about it – so it’s time to get educated on the finer points regarding PCI compliance and certification for cloud environments such as SaaS, PaaS, and IaaS.

Our PCI Toolkits for the Cloud save Businesses Thousands of Dollars

Before we get into a discussion on PCI compliance and certification for cloud businesses, just a quick primer on the importance of documentation. While the PCI DSS mandates are highly technical indeed – firewalls, routers, access control and other security topics dominate the discussion on PCI – it’s profoundly important to recognize the importance of documentation.
Did you know that literally dozens – up to fifty (50) – different policies and procedures are mandated for full PCI compliance? Are you aware of the strict requirements for performing a risk assessment, along with monitoring your third-party providers? Do you have security awareness training material in place, as annual training is also a strict mandate for PCI DSS compliance?

You see, wherever you turn regarding PCI compliance, documentation is a huge part of the Payment Card Industry Data Security Standards, and it’s why we offer industry-leading, award-winning PCI compliance toolkits and policy packets for cloud and SaaS vendors/platforms. Visit pcipolicyportal.com today to learn more about PCI compliance and certification for cloud providers and SaaS vendors/platforms.

Essential “Must-Know” Facts about PCI Compliance in the Cloud

1. Different Cloud Businesses Require Different PCI Reporting. Are you a provider of cloud services to businesses or are you an actual business operating in the cloud? It’s a basic question to ask yourself and one that requires completely different PCI DSS reporting mandates depending on which function you serve. While the industry heavyweight cloud providers – Amazon AWS, Microsoft Azure, and others – clearly have their PCI DSS ducks in a row with annual compliance, there are still a number of smaller, boutique cloud vendors that also must perform annual PCI DSS compliance.

However, the vast majority of PCI compliance in the cloud falls on the near endless number of businesses operating in the cloud and providing a form of Software as a Service (SaaS), including IaaS and PaaS offerings. From data analytics to healthcare benefit submission portals and tools, there are literally dozens – perhaps hundreds – of different cloud-based businesses currently in operation.

2. If You’re a Provider of Cloud Services. The two big heavyweights of cloud services are well-known – Amazon AWS and Microsoft Azure – but there are hundreds, if not more, of cloud services providers offering products, solutions, and services to clients. For these very entities, PCI DSS compliance is a must, but from a scope perspective, it’s often limited to core “Requirements” within the actual PCI DSS framework. More specifically, Requirements 9 and 12 are in-scope, along with partial compliance for any number of the remaining PCI DSS Requirements.

It’s important to remember that the basis for PCI compliance for cloud/SaaS/PaaS/IaaS providers/vendors begins with securing the basic elements of a network and putting in place standardized business policies and procedures, which is what Requirements 9 and 12 speak to. After that, the remaining Requirements can be assessed for validity based on a cloud provider’s actual services. For example, does the cloud provider offer managed services? If so, then Requirements 7 and 8 could be in scope. Another example: does the cloud provider offer managed network services? If so, then certain elements of Requirements 9 and 10 would be in scope. In short, you need to tailor your approach to PCI DSS compliance, and it begins with sourcing proven and trusted PCI consultants, such as the professionals at Materdei Consulting, LLC, the founders of pcipolicyportal.com.

3. If You’re a Business Operating in the Cloud. More and more businesses are moving to the cloud, which means regulatory compliance mandates are now focusing on the cloud, and such is the case with PCI. The vendor you have contracted with “should” be performing annual PCI DSS assessments, which means that some of the more notable “Requirements” out of the 12 requirements within the PCI DSS framework will already be validated (again, hopefully validated, provided your cloud provider has performed an annual PCI assessment, and most have).
For example, Requirement 9 has to do with physical security, which your cloud provider’s PCI compliance assessment will cover, but there’s still much to be done in terms of YOUR own PCI compliance endeavors, so keep this in mind. Specifically, your cloud provider is essentially providing the core cloud services, so it’s up to you to implement, configure, and validate many of the other controls and business processes you are performing.

Relying on a cloud provider’s PCI DSS assessment will definitely assist in your own PCI endeavors, but it surely doesn’t cover all the requirements, so there’s work to be done on your end. Depending on the type of cloud service you’re on – SaaS, PaaS, IaaS – such requirements can greatly vary, so talk to a PCI cloud expert today at pcipolicyportal.com.

4. Technical Remediation is Often Necessary. One of the most important elements of a successful PCI DSS audit for businesses operating in the cloud is the ability to successfully remediate various technical and security deficiencies found within one’s control environment. For example, businesses often find that network devices need to be re-configured, passwords need to be strengthened, servers need to be re-provisioned – just a few examples of the many areas of technical remediation that businesses find that they need to perform. As to how little or how much technical remediation needs to be undertaken, that all depends on the maturity of one’s control environment, something that can be assessed with a PCI DSS scoping & readiness assessment at the front end of an audit, and not after the fact. Bottom line, being proactive in terms of PCI compliance is what’s best for every business.

If you need assistance with technical remediation, we can help as we have highly experienced security consultants on hand, yet we also offer high-quality, industry leading provisioning and hardening forms and checklists available for instant download with our PCI Policy Packets for Cloud Computing & SaaS entities.

5. Policies and Procedures Are Critical.  A day doesn’t go by in our world of regulatory compliance that we don’t hear the grumbling about writing policies and procedures. It’s boring, mundane, can take dozens of hours, and nobody really wants to eagerly raise their hand and be anointed such a task. We more than understand, and it’s why Materdei Consulting, LLC launched pcipolicyportal.com in 2009 and began offering the finest PCI policies and procedures found anywhere.

Bottom line, every business undergoing annual PCI DSS compliance must have policies and procedures in place – the essential documents describing procedures and acceptable uses of an organization’s information systems. Download the PCI Policy Packets for Cloud Computing & SaaS entities today from pcipolicyportal.com and get compliant quicker and easier than ever before.

While the vast majority of businesses are very good at what they do, they’re not too terribly good at documenting their procedures, hence the need for overhauling one’s information security policies and procedures often becomes an incredibly time-consuming task – that’s even if they had any policies in place at all! The solution for developing the massive amount of PCI policies and procedures in a relatively short period of time for businesses operating in the cloud is to download the award-winning PCI compliance toolkits and policy packets for cloud and SaaS vendors/platforms at pcipolicyportal.com today. Saving hundreds of hours and thousands of dollars on the development of PCI policies and procedures is what we do best, so turn to the PCI compliance and certification for cloud providers and SaaS vendors/platforms experts today.

6. There are Numerous Operational Initiatives to Implement. Yes there are, such as implementing security awareness training for all employees, performing a comprehensive risk assessment, along with assessing third-party scope for possible PCI compliance. Such operational initiatives require much more than just a policy template; they actually require merchants and service providers to implement such measures. pcipolicyportal.com, the world’s leading provider of PCI policies and procedures and compliance toolkits, offers risk assessment documentation, security awareness training, along with a third-party/vendor management program. It’s all available for instant download today, so visit pcipolicyportal.com to learn more.

Nobody has hundreds of hours and thousands of dollars to spend on time-consuming policy writing, so turn to the company that’s been helping businesses all around the world since 2009 with comprehensive and cost-effective PCI DSS service and solutions. All of our documentation has been expertly written by one of the country’s leading PCI-QSA’s, thus giving you the confidence that you’re receiving the very best materials found anywhere today.

7. The Importance of Vulnerability Scanning and Penetration Testing.  Assessing one’s network for threat vectors is critically important, and that’s exactly why the PCI DSS requirements “require” vulnerability scans and penetration tests to be performed. While not all merchants and service providers have to perform scanning and pen testing – the vast majority of PCI compliance candidates have to – thus it’s important to source a long-term scanning tool and a reputable partner for PCI vulnerability tests. Vulnerability scans are essential as they help to detect external threats and internal threats, while penetration tests simulate a real-world attack and what the consequences can be. In today’s world of growing cybersecurity threats, these two initiatives are critically important, especially regarding PCI compliance and certification for cloud providers and SaaS vendors/platforms.

8. Say Hello to the Concept of “Continuous Monitoring”.  Achieving PCI compliance is a monumental milestone, but maintaining PCI DSS compliance is often much more challenging, hence the need for implementing “continuous monitoring” initiatives – the process of assessing, changing, and ultimately enhancing one’s internal controls for continued PCI DSS compliance. We highly recommend you appoint an internal compliance person to drive such efforts, as maintaining compliance can be challenging, so having an individual with a compliance background is essential, no question about it.

9. Next Steps? Simply visit pcipolicyportal.com today and download the industry leading PCI compliance and certification for cloud providers and SaaS vendors/platforms Policy Packet today. Pcipolicyportal.com also offers in-depth consulting services for your PCI DSS needs. Email us today at pci@pcipolicyportal.com to learn more.

We are the Global Leaders for PCI Policies & Procedures and Policy Templates

What’s literally unknown to the tens of thousands of businesses in North America – and around the world – is that having to comply with PCI essentially requires developing high-quality, comprehensive PCI DSS specific policies and procedures. That’s right, compliance with PCI requires your organization to have in place literally dozens of policies, all the more reason for sourcing well-written, easy-to-use PCI templates that are available for instant download today for merchants and service providers. Let’s face it, nobody likes authoring PCI policies and procedures, especially technical writing that requires great concentration and time commitments from your internal personnel.

To date, there are twelve core requirements for the Payment Card Industry Data Security Standards Initiatives, with each requirement needing a number of policies and procedures. Count them up, one by one, and you will require approximately 50 different PCI policies and procedures for PCI DSS compliance. Why even consider spending thousands of dollars on high-priced PCI consultants? Or worse, why take your old and never-used information security policies and brush them up for PCI compliance? The safe and cost-effective solution is visiting pcipolicyportal.com today and downloading the very best PCI templates found anywhere on the Internet today. When it comes to PCI compliance and certification for cloud providers and SaaS vendors/platforms, turn to the experts at Materdei Consulting, LLC.

GDPR and FISMA

While we’re on the topic of PCI DSS compliance, two other regulatory compliance mandates come to mind: (1) GDPR compliance for US companies and (2) FISMA certification and accreditation. GDPR compliance is the much newer legislation, as it takes effect in May 2018, while FISMA has been with us since 2002 and was slightly amended in 2014 to incorporate new enhancements. Here’s a brief overview of both GDPR compliance for US companies and FISMA certification and accreditation.

As for GDPR, it stands for the General Data Protection Regulation, a law put forth by the European Union requiring controllers and processors to be compliant if they process (via automated means) personal data of EU data subjects. Businesses all throughout the globe are scrambling to become GDPR compliant, and that includes North American companies. Becoming compliant with the GDPR means putting in place the necessary GDPR policies and procedures, and other supporting best practices.

As for FISMA – the Federal Information Security Modernization Act – it requires both federal agencies and businesses that provide services to these very federal agencies to become compliant. FISMA is essentially an exercise in becoming compliant with NIST SP 800-53, the actual framework used. FISMA certification and accreditation can be a challenge indeed, and it’s why businesses need to find a competent firm to assist, along with FISMA policies and procedures, as documentation is a big part of compliance.

PCI Compliance Certification & SAQ Consulting for South Carolina Merchants

Materdei Consulting, LLC provides industry-leading, fixed-fee PCI compliance certification and Self-Assessment Questionnaire (SAQ) consulting services for South Carolina businesses. Wherever you’re located in South Carolina – Greenville, Columbia, Spartanburg, or any other location – we’re here to assist merchants and service providers with a complete lifecycle of high-quality, cost-effective PCI solutions. Since 2009, we’ve been the undisputed global leader in offering world-class PCI policies and procedures and other supporting documentation to merchants and service providers all throughout the globe, so visit pcipolicyportal.com to learn more about our services for South Carolina businesses.

Enabling Rapid PCI Compliance for South Carolina Businesses – Learn More

What’s our secret for saving South Carolina merchants and service providers thousands of dollars on PCI compliance? It’s our documentation, specifically the industry-leading PCI Policy Packets available for instant download. Remember something very important: While PCI compliance is no doubt technical in nature, often the most time-consuming initiative is developing the seemingly endless list of PCI policies and procedures – documentation that can take dozens upon dozens of hours to develop. The quicker, more complete, and more cost-effective solution is using our high-quality PCI Policy Packets, so visit pcipolicyportal.com to learn more.

Need Help with PCI DSS SAQ Assistance? Call Us

Because the vast majority of South Carolina merchants and service providers can self-assess with PCI via any number of the actual Payment Card Industry Data Security Standards (PCI DSS) Self-Assessment Questionnaires (SAQ), one would think the overall PCI process is relatively easy. Unfortunately, “self-assessing” often means a challenging and tough road ahead, one that can cost businesses thousands of dollars and hundreds of operational hours wasted. The SAQ requirements are becoming longer, more complex, harder to interpret and understand, ultimately causing considerable amounts of confusion for South Carolina businesses.

Because of this, it’s highly recommended to seek out professionals with years of PCI expertise, and that’s us, Materdei Consulting, LLC. Our expert team of consultants will guide you through the entire SAQ process from Requirement 1 to Requirement 12, helping you understand scope, the actual steps to take for becoming compliant, and much more. For a cost-effective fixed fee, we’ll become your indispensable, go-to PCI expert, giving you the confidence and information needed for successfully completing your SAQ today. Be thankful you don’t have to undergo a Level 1 onsite assessment by a PCI-QSA, but that doesn’t mean you’re in the clear. Get help when you need it, so contact us today at pci@pcipolicyportal.com and let us know how we can assist you. We’ve been helping South Carolina businesses for years, so let’s talk.

South Carolina’s Leading Provider of PCI Compliance Solutions

Whatever your needs are when it comes to PCI DSS, we can assist, as we offer high-quality, professional services at fixed-fee prices. With a full lifecycle of PCI solutions available at your disposal – from scoping & readiness assessments to assistance with completion of the various SAQ documents, and more – Materdei Consulting is here to help. We also offer the world’s leading compliance toolkits, our award-winning PCI Policy Packets, available for instant download today at pcipolicyportal.com.

Fixed-Fee PCI DSS Services for South Carolina Businesses

If you store, process, and/or transmit cardholder data, then becoming compliant with the Payment Card Industry Data Security Standards (PCI DSS) mandates is a must, no exceptions. Data breaches are occurring at alarming rates these days, so now’s the time to get serious about putting in place a robust set of InfoSec controls, and that’s where we can help. PCI compliance doesn’t have to be an overwhelmingly expensive and challenging proposition, and it’s not when you hire us. We’ve helped hundreds of merchants and service providers since 2009 become PCI DSS compliant, so let us help you. South Carolina businesses now have a firm they can trust, somebody with a proven track record for helping businesses achieve PCI compliance efficiently and cost-effectively. Contact us today at pci@pcipolicyportal.com to learn more.

Comprehensive PCI DSS Services for South Carolina Businesses

Compliance with the PCI DSS provisions is a must for any South Carolina business storing, processing, and/or transmitting cardholder data, and we can help. When it comes to high-quality, professionally delivered, fixed-fee services and solutions, we deliver. Here’s a quick rundown of what Materdei Consulting, LLC offers in terms of PCI DSS services for South Carolina businesses:

  • PCI Scoping & Readiness Assessment
  • Assistance with Technical/Security Remediation
  • Policies and Procedures Writing
  • Help with Selecting Vendor Tools and Products
  • Penetration Testing
  • Continuous Monitoring

If it’s PCI DSS compliance you need, then contact us today at pci@pcipolicyportal.com to learn more about our full capabilities for South Carolina businesses. Wherever you’re located in South Carolina – Greenville, Columbia, Spartanburg, or any other location – we’re here to help, so let’s talk today.
