- Many merchants still have not addressed their PCI compliance obligations or, if they are in the middle of the process (or have even completed it), are unaware of how to do it cost-effectively and get bogged down in the details.
- Organizations need to understand the options available to them to simplify PCI compliance while still meeting the criteria.
Our Advice
Critical Insight
- Organizations need to realize that focusing on compliance over security doesn’t actually address the risks they face.
- The focus should be on securing what is absolutely necessary, which means that holding onto credit card information may not be required.
- PCI compliance is not just about technology. Organizations need an action plan that combines technology, policy, and training and awareness to ensure compliance success.
- PCI does not just belong to one department – it is an organization-wide responsibility, from finance, to IT, to employees who are at the forefront of actually handling the transactions.
Impact and Result
- Understand what your organization needs in order to achieve PCI compliance, and use that information to find opportunities to simplify.
- Creating an action plan that involves all related parties ensures that everyone starts off on the same page and cooperatively tackles compliance as a team, rather than as disjointed parties. Organizations will find more success with a group effort.
Member Testimonials
After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.
Overall Impact: 6.0/10
Average $ Saved: $2,519
Average Days Saved: 2

| Client | Experience | Impact | $ Saved | Days Saved |
|---|---|---|---|---|
| Noble Research Institute, LLC | Guided Implementation | 6/10 | $2,519 | 2 |
| Chatham County, GA | Guided Implementation | 9/10 | N/A | 2 |
| Plumbing Distributors | Guided Implementation | 10/10 | $30,999 | 29 |
| The Leading Hotels of the World, Ltd. | Workshop | 6/10 | N/A | N/A |
| City Of Airdrie | Guided Implementation | 10/10 | $8,000 | 10 |

- Plumbing Distributors: "Best parts: 1. Analyst was willing to change the agenda after clarification of my end goals. 2. Analyst did a superb job at identifying items l..."
- City Of Airdrie: "We were heading down the path of a complete environmental scan and the information set us on the path to put most of the workload on the vendors."
Workshop: Cut PCI Compliance and Audit Costs in Half
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Module 1: Evaluate your current state and gap analysis
The Purpose
After completing this section, you will understand:
- The goals you have established in relation to this project.
- What’s at stake if you do not prioritize PCI compliance.
- Your current state in relation to PCI and security policies and procedures.
- The gaps that are preventing you from being successful at compliance.
Key Benefits Achieved
You will identify key opportunities within policy and procedural gaps to improve compliance practices.
| Activities | Outputs |
|---|---|
| Getting started and goal setting | PCI compliance goals |
| Evaluate your current state | Sneak Audit |
| Map 12 PCI core requirements to your current state | PCI Simplification Action Plan |
Module 2: Determine Simplification Strategy & Communication Plan
The Purpose
After completing this section, you will understand:
- The gaps that exist in relation to the 12 PCI requirements.
- A prioritization plan on how to tackle the gaps.
- How to effectively communicate PCI processes to stakeholders and employees.
- How to document and maintain PCI-related information in an Action Plan.
Key Benefits Achieved
Having completed this module, you will be able to:
- Track gap remediation progress, and have a process in place to identify gaps on an annual basis.
- Communicate any changes related to PCI to key players and obtain buy-in.
- Train employees to effectively handle and manage transactions and PCI-related information.
| Activities | Outputs |
|---|---|
| Complete gap prioritization | PCI Simplification Strategy |
| Identify PCI simplification strategy | PCI Simplification Action Plan |
| Develop a PCI Simplification Launch Plan | Communication Plan; Training and awareness resources |