The Payment Card Industry Data Security Standard (PCI DSS) is a prescriptive standard that organisations accepting, processing, transmitting or storing payment card data must comply with. Unlike many standards, where various shades of grey may be acceptable, with PCI DSS compliance is black and white. The letter of each requirement must be adhered to, or a compensating control that meets the same rigour and intent as the original requirement must be in place; otherwise the requirement is deemed not in place.
Another challenge with the standard is understanding the difference between validation and compliance. Organisations that fall under PCI DSS have to comply with all the requirements. Even if they validate only through a self-assessment questionnaire (SAQ), or only by passing the quarterly external vulnerability scans, they are still required to be compliant with every requirement of the standard; the validation method describes how compliance is demonstrated, not how much of the standard applies.
Shearwater understands the intricacies of PCI DSS, has a proven history in information security, and can help organisations with all aspects of compliance, whether that is the provision, implementation or management of products, procedures and policies.