Cut PCI Compliance and Audit Costs in Half

Seven steps to aggressively simplify and secure what really matters.

  • Many merchants still have not addressed their PCI compliance obligations, or, if they are in the middle of the process (or have even completed it), are unaware of how to do it cost-effectively and get bogged down in the details.
  • Organizations need to understand the options available to them to simplify PCI compliance while still meeting the criteria.

Our Advice

Critical Insight

  • Organizations need to realize that focusing on compliance over security doesn’t actually address the risks they face.
  • The focus should be on securing what is absolutely necessary, which means that holding onto credit card information may not be required.
  • PCI compliance is not just about technology. Organizations need an action plan that combines technology, policy, and training and awareness to ensure compliance success.
  • PCI does not just belong to one department – it is an organization-wide responsibility, from finance, to IT, to employees who are at the forefront of actually handling the transactions.

Impact and Result

  • Understand what your organization needs in order to achieve PCI compliance, and use that information to find opportunities to simplify.
  • Creating an action plan that involves all related parties ensures that everyone starts off on the same page and cooperatively tackles compliance as a team, rather than as disjointed parties. Organizations will find more success with a group effort.

Cut PCI Compliance and Audit Costs in Half Research & Tools

1. Understand the importance of becoming PCI compliant

Understand the effects of remaining non-compliant, and what it costs to reach compliance.

2. Record compliance-related information and identify opportunities to do compliance better

Use the capture tool to identify gaps and opportunities, as well as specific strategies that work best with your organization’s requirements.

3. Review 12 PCI Core Requirements

Review each requirement and the key actions you need to take to address it.

4. Determine Simplification Strategy and Communication Plan

Create a communication document to properly inform stakeholders and secure their buy-in. Document and maintain all PCI-related information in one central location.

Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.


  • Noble Research Institute, LLC: Guided Implementation
  • Chatham County, GA: Guided Implementation
  • Plumbing Distributors: Guided Implementation
  • The Leading Hotels of the World, Ltd.
  • City Of Airdrie: Guided Implementation

Onsite Workshop: Cut PCI Compliance and Audit Costs in Half

Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Evaluate your current state and gap analysis

The Purpose

After completing this section, you will understand:

  • The goals you have established in relation to this project.
  • What’s at stake if you do not prioritize PCI compliance.
  • Your current state in relation to PCI and security policies and procedures.
  • The gaps that are preventing you from being successful at compliance.

Key Benefits Achieved

You will identify key opportunities within policy and procedural gaps to improve compliance practices.




Getting started and goal setting

  • PCI compliance goals

Evaluate your current state

  • Sneak Audit

Map 12 PCI core requirements to your current state

  • PCI Simplification Action Plan

Module 2: Determine Simplification Strategy & Communication Plan

The Purpose

After completing this section, you will understand:

  • The gaps that exist in relation to the 12 PCI requirements.
  • A prioritization plan on how to tackle the gaps.
  • How to effectively communicate PCI processes to stakeholders and employees.
  • How to document and maintain PCI-related information in an Action Plan.

Key Benefits Achieved

Having completed this module, you will be able to:

  • Track gap remediation progress, and have a process in place to identify gaps on an annual basis.
  • Communicate any changes related to PCI to key players and obtain buy-in.
  • Train employees to effectively handle and manage transactions and PCI-related information.




Complete gap prioritization

  • PCI Simplification Strategy

Identify PCI simplification strategy

  • PCI Simplification Action Plan

Develop a PCI Simplification Launch Plan

  • Communication Plan
  • Training and awareness resources

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.


What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Need Extra Help?
Try Our Guided Implementations

Get the help you need in this 1-phase advisory process. You'll receive 4 touchpoints with our researchers, all included in your membership.

  • Call #1 - Evaluate your current state

    Know what you are working with: Do you know where your security policies are? How about past audits completed? Understanding what your organization is doing with regard to compliance, even if you’re not in IT, is vital to your compliance success.

  • Call #2 - Understand PCI requirements & prioritize your compliance gaps

    PCI has 12 core requirements surrounding recommendations for topics like firewalls, maintaining a security policy, and more. Map your problem areas to these requirements to determine gaps.

  • Call #3 - Identify your PCI simplification strategies

    Now that your priorities are established, it’s time to discuss what your next steps are in achieving compliance in your gap areas. We’ve broken it down into four tactic areas that will address your compliance needs.

  • Call #4 - Build a Simplification Launch Plan

    Communicating PCI compliance to the broader organization is almost half the battle. Prepare a communication plan for stakeholders, and training and awareness for employees, to ensure everyone is on the same page.


Jessica Ireland

James McCloskey


  • Morgan and Pottinger
  • Service Repair Solutions Inc.
  • East Central Energy
  • City of Calgary