Go Back   The Elsmar Cove Business Systems and Standards Discussion Forums > National and International Business System Standards > IEC 27001 - Information Security Management Systems (ISMS)
Does anyone here have experience implementing PCI DSS (Data Security Standard) - Page 2
Post Number #9 - 17th March 2015, 04:34 AM
Moonlight17 (Total Posts: 25)
Re: Does anyone here have experience implementing PCI DSS (Data Security Standard)

Hi there Ajay,

Many thanks for your message.
We got through the stage 1 certification in January - no problem.
This was for the document storage/access control/security.

We will move on to stage 2 next - so may be calling for help again soon!!

Thanks again

Post Number #10 - 17th March 2015, 11:06 AM
aelgum (Total Posts: 7)
Re: Does anyone here have experience implementing PCI DSS (Data Security Standard)

Hi..

Sure, any time.
You can always reach me at aelgum at gmail dot com
Post Number #11 - 16th June 2017, 04:06 AM
john.b (Total Posts: 81)
Re: Does anyone here have experience implementing PCI DSS (Data Security Standard)

A company that spun off from mine, which we still support, is just starting to review PCI DSS certification. It's fascinating because of the differences from ISO 27001, which both the company I work in and that company are certified to.

One weakness of 27001 is that the controls application required for certification is so non-specific; next to nothing could be in place as coverage but as long as it's well documented with related risks acknowledged and accepted that's fine. It's not clear to me yet if PCI DSS could be more successful with identifying and requiring a specific and practical level of coverage.

The structure of the body developing the standard and for those doing the auditing and certification work is different than with ISO. The same body makes the standard, supports otherwise with training development, and accredits related reviewers, filling three different roles (and maybe others I'm not familiar with). There isn't as clear a requirement for separation between auditors and consulting / implementation support as well.

I asked someone presenting related to doing support how all that could work, why the potential conflict isn't a problem, and he gave an interesting answer that seems to work. The body developing all of it is aware there is potential for abuse and one control is a review process that occurs whenever credit card data is actually stolen, when information security incidents do occur. Requirements for record keeping by consultants and auditors (and by companies that implement the standard) document protections in place, and a review will show where those broke down. If a supporting implementer, consultant, or auditor cut a corner and didn't do what they claimed then it would show up in review, although of course there is still plenty of room for operations errors, for well-designed protections to not work for different reasons.

It's strange to build a system to be secure through a feedback mechanism triggered by failure but it still sort of works. 27001 is too broad; it couldn't work for that in the same way. There would need to be a special interest group like the set of major credit card companies policing every possible security break-down, every case of hacking, or information theft, etc., and that's obviously completely unworkable. For credit cards it's not; if one person gets your one Mastercard or Visa number somehow that huge related company can look into that one small lapse, and they have good reason to.