PCI-DSS Compliance GlobalSUITE software®: Manage and monitor your PCI-DSS compliance and alignment centrally and automated. Performs GAP Analysis against the PCI-DSS standard, immediately develops adequacy plans, centralizes the list of existing controls, and manages compliance with PCI-DSS requirements, among other activities. The product is continuously updated to the latest versions of PCI-DSS that are released.
Thanks to GlobalSUITE’s integrated approach®, the solution’s foundation can be leveraged to grow with the different modules and tools that make up the platform, thereby taking advantage of synergies and corresponding cost and time savings. The platform can be licensed in an integrated form or separately from each of its products.
Managing controls and evidence
Thanks to GlobalSUITE®, one of the fundamental parts to achieve PCI compliance, can be done in a distributed and collaborative way among the different managers of the areas involved.
Continuous assessment of compliance status
It allows to centrally manage the controls established together with their evidence, with traceability to each PCI requirement, as well as the implementation of several requirements that the standard establishes, such as component inventory, risk management, incident management or management of audit findings.
PCI DSS (Payment Card Industry Data Security Standard) is a security standard that consists of requirements necessary to protect sensitive credit and debit card information. It is mandatory for all companies that accept, process or transmit credit or debit card data to maintain a safe environment. Companies that process, store, or transmit card data must meet the standard or risk losing their permissions to process credit and debit cards There are twelve requirements or requirements that PCI SSC proposes as a requirement to follow:
- Requirement 1: Firewall settings to protect card owners’ data.
- Requirement 2:Do not use system passwords and other default security settings provided by vendors. Protect Card Owners Data.
- Requirement 3:Protect stored data from card owners.
- Requirement 4:Encrypt card owners’ data and sensitive information transmitted over open public networks. Maintain a Vulnerability Management Program.
- Requirement 5:Use and regularly update antivirus software.
- Requirement 6: Develop and maintain secure systems and applications. Implement robust access control measures.
- Requirement 7:Restrict access to data based on the official’s need to know the information.
- Requirement 8: Assign a unique ID to each person who has access to a computer.
- Requirement 9: Restrict physical access to card owners’ data. Regularly monitor and test networks.
- Requirement 10:Track and monitor all access to network resources and card owners’ data.
- Requirement 11:Regularly test security systems and processes. Maintain an Information Security Policy.
- Requirement 12:Maintain a policy that contemplates information security.