PCI Policies and Procedures | The Biggest PCI Compliance Danger Nobody is Talking About
Compliance with the Payment Card Industry Data Security Standards (PCI DSS) provisions can be a daunting task indeed, so much so that merchants and service providers are actively seeking out compliance experts, unfortunately at exorbitant cost. And to be fair, a large and growing number of organizations that have to comply with the PCI DSS standards simply are not ready. They lack the technical infrastructure, the operational manpower, and the in-house skill sets needed to achieve compliance. Additional hardware and operational personnel can be an expensive proposition indeed, but at times they pale in comparison to the biggest danger and pitfall in all of PCI compliance: policy and procedural documents.
That’s right: companies are struggling like never before to develop the wide range of policy, procedural, and organization-wide documents required by the current Payment Card Industry Data Security Standards (PCI DSS) mandates. Read the entire PCI DSS Version 1.2.1 requirements lately? If so, you’ll quickly see that throughout the 12 different areas, simply known as “requirements”, there are numerous mandates for PCI policies and procedural documents. One by one, they start to add up, creating an incredible amount of work to be undertaken.
What’s worse, most organizations walk into PCI focusing primarily on many of the core criteria, such as firewall hardening, network logging, and anti-virus updates, along with many other traditional security initiatives. They then suddenly realize the importance of many of the non-technical requirements, such as having documented PCI policies and procedures in place. According to John Arrington, a veteran of the payments industry, “the task of developing PCI policies and procedures has become one of the biggest financial and operational obstacles for compliance, costing companies thousands of dollars.”
He adds, “think about this, most companies have almost nothing in the way of documented policies and procedures, and then you are asked to step up to the plate and develop a whole set of technical and operational documents for PCI compliance; daunting indeed from a cost and time perspective”.
Arrington’s solution is to use pcipolicyportal.com, an organization developed solely for the purpose of providing companies with a 215+ page, easy-to-use and easy-to-edit PCI DSS policy and procedure manual that’s available for immediate download. Written by industry experts, it includes all PCI policies and procedures necessary for compliance, saves organizations thousands of dollars, and is currently being used by companies all over the world.