Today, Procard LTD finished its annual PCI DSS audit. The independent auditing company Advantio Ltd. (Dublin, Ireland) confirms the compliance of Procard's information infrastructure with the requirements of PCI DSS version 3.2.1.
This is a very important step in building an independent third-party processor on the basis of our data center, and it allows Procard LTD to successfully establish itself in the IPS Visa and MasterCard.
A few words about PCI DSS.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements designed to protect cardholder data during payment card processing.
- Understanding PCI DSS Audit:
  - Definition: A PCI DSS audit is a comprehensive assessment of an organization’s adherence to the PCI security standards.
  - Purpose: To verify that the organization has implemented necessary controls and security measures to protect sensitive cardholder data.
  - Frequency: Typically conducted annually, but the frequency may vary based on the organization’s level and risk profile.
- Audit Steps:
  - Pre-engagement:
    - Determine the scope of the audit.
    - Engage with a Qualified Security Assessor (QSA) or an Internal Security Assessor (ISA).
  - Pre-onsite:
    - Conduct an initial gap assessment to ensure readiness.
    - Clarify requirements and expectations.
  - Onsite:
    - Validate and document compliance during the audit.
    - Address any identified gaps or issues.
  - Post-onsite:
    - Collaborate on remediation steps.
    - Prepare the Report on Compliance (ROC).
  - Ongoing Support:
    - Continuously monitor compliance.
    - Seek guidance from QSAs when needed.
Key considerations for Procard LTD after the audit:
- Risk Assessment: The company creates and uses a real system for evaluating threats and vulnerabilities.
- Policies and Procedures: Procard develops a strong foundation for compliance (information security policies and procedures) and strictly follows these rules in everyday business processes.
- Latest Standard: All staff stay informed about updates.
- Documentation: All of Procard's documentation is maintained with accurate records.
- Qualified Assessors: The company prefers to work with QSAs or ISAs.