What is PCI-DSS and what does it bring to your company?
PCI DSS (Payment Card Industry Data Security Standard) is a security standard that consists of requirements necessary to protect sensitive credit and debit card information. It is mandatory for all companies that accept, process or transmit credit or debit card data to maintain a safe environment. Companies that process, store or transmit card data must meet the standard or risk losing their permissions to process credit and debit cards.
PCI SSC sets out twelve requirements to follow:
- Requirement 1: Firewall settings to protect card owners’ data.
- Requirement 2: Do not use system passwords and other default security settings provided by vendors.
Protect Card Owners’ Data
- Requirement 3: Protect card owners’ stored data.
- Requirement 4: Encrypt card owners’ data and sensitive information transmitted over open public networks.
Maintain a Vulnerability Management Program
- Requirement 5: Use and regularly update antivirus software.
- Requirement 6: Develop and maintain secure systems and applications.
Implement Robust Access Control Measures
- Requirement 7: Restrict access to data based on each person’s need to know the information.
- Requirement 8: Assign a unique ID to each person who has access to a computer.
- Requirement 9: Restrict physical access to card owners’ data.
Regularly Monitor and Test Networks
- Requirement 10: Track and monitor all access to network resources and card owners’ data.
- Requirement 11: Regularly test security systems and processes.
Maintain an Information Security Policy
- Requirement 12: Maintain a policy that contemplates information security.
"Our product for centrally managing and monitoring PCI compliance"
Discover our software for PCI DSS
PCI-DSS Compliance GlobalSUITE® Software: Manage and monitor your compliance and alignment with PCI-DSS in a centralized and automated manner. Perform GAP Analysis against the PCI-DSS standard, immediately develop suitability plans, centralize the list of existing controls, and manage compliance with PCI-DSS requirements, among other activities. The product is continuously updated to the latest PCI-DSS versions that are released.
It allows differential analyses to be conducted against PCI regulations, maturity levels to be defined for each requirement, the results to be visualized through different graphs, the results of different analyses to be compared, and the information to be exported for reporting.
It enables the development of the adequacy plan for each differential analysis, the automatic identification of the requirements that are not met, the definition of actions for each unfulfilled requirement and its follow-up.
The platform manages evidence centrally, provides a detailed record of electronic and physical evidence, links electronic evidence to the document manager, and associates each piece of evidence with the corresponding controls.
It enables centralized management of controls, association of controls with PCI requirements, evaluation of control effectiveness and configuration of methodologies, and publication of control surveys, as well as association of controls with risks and calculation of residual risk from the effectiveness of the controls.
Risk analysis and management
It includes an inventory of assets and components and the dependencies between assets, components and processes, as well as the identification, analysis and assessment of risks. It supports the definition of risk management plans and the configuration of methodologies for calculating risks. GlobalSUITE comes with predefined risk catalogs and controls. It allows the publication of asset and risk surveys and the management of the history of risk analysis and risk management.
The tool allows the management of compliance with PCI regulations, defining the maturity status of each requirement and showing it in graphs. It also allows documents (policies, procedures and records) and controls to be associated with each requirement, and manages the history for the same catalog of requirements.
Publishing compliance surveys
The software enables the design of surveys with questions for each requirement, the sending of surveys via email and the consolidation of all the answers in a single catalog.
Balanced Scorecard and Dashboards
The comprehensive dashboard enables strategic management and control of the organization through different metrics and automatic indicators, and alerts via e-mail.
Continuity, availability, capacity and training plans
The platform allows the management of several simultaneous plans and keeps a history of each of the plans.
Continuous assessment of compliance status
It allows you to centrally manage the established controls together with their evidence, with traceability to each PCI requirement, as well as the implementation of various requirements set by the standard, such as component inventory, component management, risk management, incident management or management of audit findings.