EMC Corporation announced expanded consulting services to help organisations meet new guidelines outlined within the Payment Card Industry Data Security Standard (PCI DSS) 2.0, from January 2011.
The new services seek to help organisations reduce the cost of complying with the Standard and offer customers what the company calls a holistic and forward-looking approach to risk management.
Importance of PCI DSS
The PCI DSS is a framework of best practice requirements for all organisations that collect, process or store payment card account and transaction information, and is designed to protect payment card data throughout the information lifecycle. Because fines are levied for non-compliance, significant percentages of company budgets are devoted to compliance-related data security programs like PCI DSS, according to a recent study conducted by Forrester Consulting on behalf of RSA and Microsoft.
Key revisions to Version Two (https://www.pcisecuritystandards.org/pdfs/summary_of_changes_highlights.pdf) reinforce the need for organisations to participate in a thorough scoping exercise before assessment, to understand where cardholder data resides. This allows organisations to adopt a risk-based approach, based on their specific business circumstances, when assessing and prioritising vulnerabilities.
Readiness
EMC’s new PCI DSS Readiness and Response services from EMC Consulting seek to address the PCI DSS 2.0 revisions and help translate business objectives into policies and information risk strategies. Leveraging the security and compliance expertise of RSA, the security division of EMC, these services are delivered through technology, policy and programme development. They also include a recommended separation of function between the PCI assessment itself and readiness and remediation planning.



