White Papers for Federal Financial Institutions Examination Council (FFIEC)

Maintaining Continuous Compliance with PCI DSS Requirements

Triumphant

The Payment Card Industry Data Security Standard (PCI DSS) has in recent years emerged as a de-facto best practices security approach in the payment card industry. A descendent of the established ISO-17799 security standard, PCI’s predecessor was developed originally by VISA as part of its Cardholder Information Security Program (CISP) in 1999. Becoming PCI compliant, at least initially, is a challenging yet surmountable process. Re-asserting compliance in following audits is significantly more difficult, and maintaining compliance between audits is an even greater challenge, though provides significant value to organizations. Breaches inevitably lead to association or court appointed audits, and an inability to demonstrate that the breach was not a result of a failing control will likely lead to undesired conclusions. This explains the growing trend among leading IT teams to seek and implement compliance tools that are designed to support continued compliance.

View the White Paper

Share or bookmarklet this web page at: