In this post, we get insights from Peggy Nolan, Principal IT Compliance Analyst at Liberty Mutual Group, Inc. She will present “The Zen of PCI: How To Maintain Compliance Without Losing Your Mind” at the North America Community Meeting in Las Vegas.
Why is maintaining compliance so important?
Peggy Nolan: For starters, maintaining compliance keeps you in good graces with the card brands and allows merchants the ability to continue taking customer payments via credit cards. More importantly, it’s more than checking a box: maintaining compliance contributes to the safeguarding and security of your customers’ credit card data.
What hurdles do organizations face when it comes to maintaining compliance?
Peggy Nolan: Maintaining compliance isn’t always easy. With 253 PCI DSS requirements and sub-requirements across 12 areas, maintaining compliance can be complex and challenging. For example, changes to scope or not having a complete understanding of scope can be a big hurdle as can keeping up with emerging technologies. Life is not static in the compliance space and keeping up with the dynamic changes, threat patterns, and risk factors is nearly always a moving target. It definitely keeps me on my toes.
Why should organizations maintain a sustainability program?
Peggy Nolan: There are so many good reasons why organizations should maintain a sustainability program. You have the opportunity to create repeatable best practices, ensure the security of your in-scope assets, and prevent your annual report on compliance from becoming the next Nightmare on Elm Street.
In your Community Meeting presentation you will outline 6 key principles of a PCI DSS sustainability program. Can you preview a couple of these principles?
Peggy Nolan: I honestly believe that anytime you can establish a SYSTEM – something that Saves You Time, Energy, and Money, you’ll be in the winner’s circle. When you create your system to sustain and maintain compliance, begin with the end in mind. Sustaining compliance is 24x7x365. It’s continuous monitoring and continuous improvement. And because sustainability is continuous, you definitely want to keep it simple. Automate evidence gathering whenever and wherever possible, and when you can’t automate, make it easy to collect documentation from your internal resources.
What is the one key takeaway you hope attendees will come away with after your discussion?
Peggy Nolan: Creating a sustainability program isn’t as hard as it seems and it will save you time, energy, and money in the long run.
Want to learn more about maintaining compliance?