Types of Exercising Our previous blog about how to deliver a business continuity exercise prompted a number of questions about the types of business continuity exercise and when to use them. So, this week’s blog does just that! Without exercising (we prefer this to testing which implies a pass or fail), an organisation […]
Policies, Procedures and Evidence While it’s one of the areas that IT and security departments find challenging, documentation (and compliant evidence) is what makes for a happy and satisfied PCI Qualified Security Assessor (QSA), and, more importantly, a successful PCI compliance audit! Successful compliance programmes invariably depend on the accurate and consistent recording of events and the […]
In our past blogs, we focused on where to seek information and highlights a recently released report which contains useful and valuable information. We also mentioned about the Horizon Scan Report (2019) by BCI Today we will give an overview of the 2019 Verizon Breach Report Where to start, 2019… another year and another Verizon […]
As a Payment Card Industry Qualified Security Assessor (PCI QSA) company, we are often asked by organisations which process card payments what are main pitfalls to avoid in complying with the Payment Card Industry Data Security Standard (PCI DSS). Well, here’s our top five (5) pitfalls to avoid if your organisation is looking achieve or […]
There’s no getting away from the fact that preparing for a PCI DSS ROC can be a bit of a trial, and particularly for those who are experiencing their first visit from a QSA. Like most trials, the good news is that future visits do get easier as your infrastructure gets up to spec. That […]
In our last blog we addressed merchants, so this time we turn to service providers. A service provider is defined as a ‘business entity that is not a payment brand, directly involved in the processing, storage, or transmission of cardholder data. This also includes companies that provide services that control or could impact the security […]
