Documentation Of PCI Compliance Processes? No Thanks! Small Company PCI Compliance
For many Merchants subject to the PCI DSS, September is always a significant deadline for proving that compliance with the security measures of the PCI DSS has been met. Unless you are a Tier 1 merchant (transacting in excess of 6 million card sales each year) and being audited by a PCI Security Standards Council QSA (Qualified Security Assessor), you will be using the Self-Assessment path. SAQ D is the most commonly used Self-Assessment Questionnaire for medium to large scale merchants.
Regardless of which type of Merchant your organization is classified as, the issues are firstly to put measures in place to meet compliance with the requirements (so either install some security technology, e.g. a file integrity monitor, or define and document security procedures), and secondly, to confirm that the measures are effective. For smaller merchants, processes are typically not documented because there has previously been no need to do so. It stands to reason that for a small-scale IT Department, processes are commensurately simple to justify and operate, and as such, won't have needed to be documented. This being the case, however, it could also be argued that the documentation of processes, and proving that they work, is also very simple.