PCI-DSS Compliance GlobalSUITE® Software: Manage and monitor your compliance and alignment with PCI-DSS in a centralized and automated manner. Perform GAP Analysis against the PCI-DSS standard, immediately develop suitability plans, centralize the list of existing controls, and manage compliance with PCI-DSS requirements, among other activities. The product is continuously updated to the latest PCI-DSS versions that are released.
GlobalSUITE® at a glance
Thanks to GlobalSUITE®’s integrated approach, the solution’s foundation can be leveraged to grow with the different modules and tools that make up the platform, thereby taking advantage of synergies and corresponding cost and time savings. The platform can be licensed in an integrated form or separately from each of its products.
What is PCI-DSS and what does it bring to your company?
PCI DSS (Payment Card Industry Data Security Standard) is a security standard that consists of requirements necessary to protect sensitive credit and debit card information. It is mandatory for all companies that accept, process or transmit credit or debit card data to maintain a safe environment. Companies that process, store or transmit card data must meet the standard or risk losing their permissions to process credit and debit cards.
PCI SSC sets out twelve requirements to follow:
- Requirement 1: Firewall settings to protect card owners’ data.
- Requirement 2: Do not use system passwords and other default security settings provided by vendors.
Protect card owners’ data:
- Requirement 3: Protect stored data from card owners.
- Requirement 4: Encrypt card owners’ data and sensitive information transmitted over open public networks.
Maintain a vulnerability management program:
- Requirement 5: Use and regularly update antivirus software.
- Requirement 6: Develop and maintain secure systems and applications.
Implement robust access control measures:
- Requirement 7: Restrict access to data based on the official’s need to know the information.
- Requirement 8: Assign a unique ID to each person who has access to a computer.
- Requirement 9: Restrict physical access to card owners’ data.
Regularly monitor and test networks:
- Requirement 10: Track and monitor all access to network resources and card owners’ data.
- Requirement 11: Regularly test security systems and processes.
Maintain an information security policy:
- Requirement 12: Maintain a policy that contemplates information security.
Continuous assessment of compliance status
It lets you centrally manage the established controls together with their evidence, with traceability to each PCI requirement, and implement several of the requirements that the standard establishes, such as component inventory, risk management, incident management or management of audit findings.
Managing controls and evidence
Thanks to GlobalSUITE®, one of the fundamental parts of achieving PCI compliance can be done in a distributed and collaborative way among the different managers of the areas involved.