FFIEC News

Brabeion Software Joins PCI Security Vendor Alliance and Helps Major Retailers Meet PCI Data Security Standard Deadlines

Reston, VA – September 26, 2007 – Brabeion Software, a leader in IT Risk and Compliance Management, today announced that it has joined the Payment Card Industry Security Vendor Alliance (PCI SVA). As a member, Brabeion will partner with member companies of the payment card industry to educate the business community on the requirements and associated business value of the Payment Card Industry Data Security Standard (PCI DSS).

Brabeion also announced today the availability of its PCI whitepaper that defines how to design, measure and monitor IT controls for a PCI compliance management system. Brabeion’s solution is already helping major retailers meet PCI requirements by improving and automating compliance reporting while reducing risks and costs. These customers include Chevron and DirecTV as well as a Fortune 500 global beverage company, a Fortune 100 cosmetics company and a Fortune 500 transportation company. Recent industry studies have shown that nearly half of PCI DSS regulated companies are not yet in compliance – and that regular testing is the main failure point for audited companies. Brabeion is driving a new class of IT Governance, Risk & Compliance (IT GRC) tools which bring a more strategic and sustainable approach to compliance programs.

“The Brabeion software platform can quickly add value by automating an integrated policy program, its accompanying procedures and auditable IT controls so that organizations can repeatedly test for and successfully meet PCI DSS requirements. For organizations complying with multiple regulations, Brabeion offers a scalable and cost-effective approach for unifying governance, risk and compliance management,” said Steve Schlarman, chief compliance strategist for Brabeion Software.

PCI DSS is an important set of policies and procedures aimed at securing transactions and credit cardholders' personal information, formed by Visa, MasterCard, American Express and Discover. In response to an increasing number of credit card and identity theft incidents, the PCI DSS effort was accelerated last December and large tier one retailers – those that process more than 6 million credit card transactions per year – are now bound to comply with a September 30, 2007 deadline. Many other retailers will need to comply by the end of 2007, and failure to meet the terms can result in large fines and possibly even prohibition from credit card programs.

Brabeion also offers a comprehensive knowledgebase of proven content – thousands of audit-ready policies, procedures, IT controls and standards mapped to PCI requirements for clear definition and evaluation. Additionally, Brabeion allows enterprises to extend PCI efforts into other areas of compliance with the ability to map to other regulations and frameworks to avoid duplication and re-use assessments and tests. To request a copy of the Brabeion PCI whitepaper please visit: http://www.brabeion.com/files/Brabeion_ITRACMS_Sept2007.pdf .

About PCI SVA PCI SVA (http://www.pcialliance.org) assists members of the payment card industry, composed of merchants, banks and point-of-sale vendors, in educating the business community on the requirements and business value of the Payment Card Industry (PCI) Data Security Standard, a global benchmark intended to improve security throughout the entire payment card transaction process.

Share or bookmarklet this web page at: