
Does anyone here have experience implementing PCI DSS (Data Security Standard)

Moonlight17

#1
Hi All,
Does anyone out there have any experience with implementing PCI (Payment Card Industry Security Standards Council) DSS (Data Security Standard)? :bigwave:
 
Moonlight17

#4
Thanks Steve,
We are getting started with this and have had a preliminary assessment by a local company as part of our gap analysis.
I have been looking for information posters that we can post on Notice Boards and the intranet to share with staff. Also internal training methods - something basic we can pass on to all production staff.
Do you have anything you can share Steve?

Many thanks
 
#5
Other than a Corporate Information Security Policy - which I basically pinched from the 'ether' and isn't really specific to PCI - I haven't got anything. Sorry.

Steve
 
infosaas

#6
Yes, have done two of these so far.

I guess that you have already been to the PCI DSS website and downloaded the assessment framework (now at version 3.0). Much of it is a direct match to some of the elements of ISO27001, whereas the key differences relate to specific technical controls which are not specifically highlighted by the 27k standard.

You also need to categorise your organisation into one of four levels, based around number of card transactions and values, which will determine the approach and resources you need to become PCI DSS certified. At the top end you will need to engage an "ASV" - an external security scanner approved to highlight technical vulnerabilities, and a "QSA" - an external security assessor to come on-site and conduct the assessment.

Hope this helps ....
 
Moonlight17

#7
Hi All,
Happy to share that we had our external assessment to PCI DSS (Level 1) in January and sailed through.

Thanks to all at the Cove for help and assistance. You are all :magic:
 
Moonlight17

#9
Hi there Ajay,

Many thanks for your message.
We got through the stage 1 certification in January - no problem.
This was for the document storage/access control/security.

We will move on to stage 2 next - so may be calling for help again soon!!

Thanks again :thanks:
 