PCI DSS adoption has made great strides in the past few years. Awareness has grown steadily, catalyzed by repeated news of high profile breaches. And most importantly, the collective efforts of the PCI Industry continue to really make an impact.
Encouragingly, organizations that maintain PCI DSS compliance are finally making their compliance “business as usual”. Their processes, practices, and culture around PCI compliance are now stronger than ever.
One often-overlooked risk associated with PCI compliance, however, is the lack of consistent monitoring of critical PCI Council and Card Brand information. Organizations update third-party proof of compliance during audits and incidents… but what about the other 364 days a year? Records of critical PCI Council and Card Brand data change regularly - and failing to keep up with these changes results in lapses that go unnoticed...until it’s too late.
For example, if your organization is exchanging security scans or pen-tests with third-parties, when is the last time you checked to see if the Approved Scanning Vendor is still on the PCI Council's list?
Similarly, when is the last time you checked the Visa or MasterCard list to see if a critical provider's information or ROC has expired? Are you assuming they renewed their compliance as expected? Most companies only catch these types of changes during audits or related incidents - leaving them exposed to risk.
Therefore, how are you keeping up with the PCI Council certification of the third-parties you rely on? How frequently is your organization checking for changes in third-party information? What are the risks/cost of out-of-date public PCI Council and Card Brand information for your organization?
There’s a better way. Real-time notifications of changes in third-party compliance information is the answer. ProofPort can help. We make it easy and automatic to keep up with changes on the PCI Council and Card Brand lists. ProofPort’s notifications will keep your compliance teams, systems, and processes up-to-date and out of harm’s way.
Your audits can be easier, your incidents less frequent, your QSA thankful for less paper-chasing, and your boss appreciative of risks and costs avoided.
Start using ProofPort for free today.
May your PCI data never be out-of-date again!