Compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) is mandatory for all merchants that process, store or transmit credit card data. If your business accepts credit card numbers over the phone, processes transactions in person, or keeps paper records that contain credit card numbers, there are PCI requirements concerning that aspect of your business.
At Canaudit, we understand the challenges businesses face when updating their systems to meet regulations. What matters to all organizations is effective, timely compliance and maintenance of the PCI DSS standard delivered within an acceptable budget. We emphasize the need to implement security controls as an ongoing process instead of simply completing a checklist when it is time for an annual review. This allows organizations to be in a continuous state of compliance with minimal operational overhead.
The PCI DSS includes a number of controls that pertain to:
- Network Architecture
- Network Configuration
- Application Data Management
- Data Storage
- System Security Protocols
- POS System Configurations
- IT Operations in Business Processes
Canaudit’s ability to map your network, demonstrate potential and actual access, and prioritize risk will ensure you meet PCI DSS requirements, particularly the technical requirements related to firewalling, network segmentation and penetration testing.