Keross: PCI Compliance Checklist – Best Practices
February 2010 by Marc Jacob
The Payment Card Industry Data Security Standard (PCI DSS) has changed the way merchants around the world handle cardholder and account data. Stringent control mandates, audit reporting requirements, and the threat of hefty penalties for noncompliance have compelled companies that process payment cards to closely review, and in many cases revamp, their operational networks and systems.
As a relatively specific and granular information security standard, PCI DSS challenges organizations at many levels: interpretation, implementation, assurance, and integration. The standard lists almost 200 control objectives that organizations must meet, track, maintain and audit to achieve compliance. Some requirements, such as daily log review and recurring vulnerability testing, cannot practically be met with manual methods alone. In addition, tracking PCI controls and the related assurance evidence consumes a great deal of time and budget in many companies. This compliance "overhead" not only diverts key IT resources from mission-critical operational functions, it also undermines PCI DSS's potential value as a model of information security for all key operational systems.
IKON PQM has been designed by auditors for auditors to help companies reduce the cost and complexity of PCI compliance programs. Built on a globally accessible SaaS platform, PQM provides powerful automation and built-in expertise, allowing managers to more easily identify—and demonstrate—what PCI requires, what needs to be accomplished for compliance, and how PCI security controls can be harmonized with the overall organizational information security practice.
PQM is uniquely designed to support elemental PCI compliance programs, as well as the integration of programmatic audit and control initiatives into holistic operational governance practice. Incorporating the T2P Rationalized Operational Control Knowledgebase™ (ROCK), PQM categorizes, ranks, and weights a harmonized set of hundreds of operational control objectives. Managers can choose, sort, and track controls just for PCI; compare existing information security control practices to IKON's rationalized list of operational best practices; and easily identify new opportunities for process efficiency across disparate information security and audit programs.
Please review some of our audit checklists:
PCI DSS 1.2 Requirements
Log Management Audit Checklist