FFIEC News

Compliance Spectrum Adds PCI Framework to Spectra to Automate Compliance Lifecycle

(Aug 30, 2007)-- Compliance Spectrum, provider of IT governance, risk, and compliance (GRC) solutions  announced that it has joined the Payment Card Industry Security Vendor Alliance (PCI SVA). As a member, Compliance Spectrum will partner with member companies to educate the business community on the requirement and associated business value of the Payment Card Industry (PCI) Data Security Standard.

PCI DSS is an important standard that benefits consumers by mandating the protection of personally identifiable data (PID). Implementing PCI DSS provides merchants with a powerful way to assure their client base that their data will be protected throughout the payment card transaction process including the storage of that information.

Major credit card companies are pushing hard to stop the financial fraud incidents that have affected numerous organizations and their consumers. Consequently, organizations that accept payment card transactions are duly bound to comply with PCI DSS by end of 2007.

"There is definitely an increase in the number of global customers who are implementing the PCI security standard and seeking tools to automate the compliance process," said Chrisan Herrod, Executive Editor of IT Compliance Magazine (www.itcmonline.com). "Companies are implementing these standards because the consequences of non-compliance are substantial - organizations risk not being allowed to handle cardholder data and fines of up to $500,000 if the data is lost or stolen."

To assist companies in their preparations for implementing PCI DSS, Compliance Spectrum has developed a PCI version of their IT GRC product--Spectra. Spectra for PCI includes an automated version of the PCI framework that maps the requirements of the framework against a company's existing IT controls and identifies where gaps and vulnerabilities exist. This dramatically reduces the cost of consulting services required to manually identify those gaps and vulnerabilities, and provides an organization with the ability to rapidly address issues in preparation for audits and meeting the end of year deadline for compliance.

Share or bookmarklet this web page at: