PCI DSS HEALTH CHECK
What is a PCI DSS health check?
LRQA Nettitude’s PCI DSS health check service helps organisations to always maintain compliance. We help you to avoid unexpected issues and costs at the time of your annual assessment.
Organisations often take the view that PCI DSS assessments are project-like in nature; an activity completed once a year. Following a successful assessment, this view often results in teams ‘taking their foot off the pedal’ and neglecting to maintain business as usual processes required by the standard. This can not only leave you out of compliance and needing to urgently remediate, but can lead to financial penalties, more expensive audits, and most troubling at increased risk of a credit card data breach.
Why Is This A Problem?
The challenge with PCI DSS is that it needs to be in place 365 days of the year. It is common for organisations to find that during their annual assessment their Qualified Security Assessor (QSA) will raise problems that could have been avoided with strong business as usual processes. This means the risk of a requirement is found not to be in place, and a non-compliant outcome or prolonged assessment period to allow for remediation. Merchants who fall out of compliance will also need to tell their acquiring bank and face increased risk of non-compliance charges.
Why Perform A PCI Health Check?
A regular and proactive health check can save you money and reduce the risk of a breach of cardholder data. If you’re found to be non-compliant during your annual assessment, your QSA company will probably have to charge you for additional time to complete the assessment. You’ll also need to prioritise remediation and allocate resources to this, which can negatively impact other areas of your organisation. If you’re a service provider, your non-compliance automatically cascades down to your clients, and you may even be in breach of contract.
Benefits Of A PCI Health Check
Our PCI DSS health check service helps you to monitor compliance and ensure that your ongoing PCI DSS obligations are being met. This helps you to
- Reduce the risk of a non-compliant annual assessment
- Demonstrate ongoing compliance with PCI DSS throughout the year
- Minimise costs associated with unexpected remediation efforts
- Reduce the likelihood of non-compliance charges from an acquiring bank
- Identify compliance issues proactively
- Ensure your PCI DSS compliance regime updates as changes in your organisation occur
- Maximise the return on investment in activities such as vulnerability scanning and penetration testing
How Can LRQA Nettitude Help?
We recommend you review your PCI DSS status on at least a quarterly basis as part of your PCI compliance management strategy. In support of this, our PCI DSS health check service can be used on an ongoing basis throughout the year. We can also provide a one-off review to check your current status.