Top data management strategies to maintain PCI DSS compliance

Top data management strategies to maintain PCI DSS compliance

Top data management strategies to maintain PCI DSS compliance

Date: Jan 25, 2013

The Payment Card Industry Data Security Standard (PCI DSS) is nothing new, but the specificity and constant evolution of PCI rules often creates compliance headaches for organizations.

As PCI DSS compliance best practices change, they require organizations to reconsider the technology used to store, process and transmit cardholder data, said Mike Chapple, IT security manager at the University of Notre Dame in Notre Dame, Ind. This forces companies to continually adapt processes to maintain PCI DSS compliance, he said, especially data management strategies.

"There are strict requirements in the standard that dictate the types of cardholder information you may collect, the ways you store it and transmit it, and how long you may retain it," Chapple said during a SearchCompliance.com/SearchSecurity.com webcast on data management strategies and PCI DSS. "PCI DSS requires that you develop solid data management practices that apply to both the way you handle sensitive cardholder information and the log and audit data."

More on PCI DSS compliance

The keys to PCI scanning compliance

Podcast: Overcoming common PCI compliance obstacles

The best way to create a symbiotic relationship between PCI DSS compliance and data management boils down to one simple phrase, Chapple said: "Reduce your scope." In other words, by reducing the number of systems, applications and even the number of people involved in credit card processing, the easier PCI DSS compliance is from a data management standpoint.

"There is a lot of data you have to be able to track and maintain as part of your PCI DSS data management program," Chapple said. "Simplifying and streamlining is really one of the core essential practices that successful organizations follow as they build their PCI DSS implementation programs."

In this video webcast, learn more about PCI DSS data management best practices as Chapple provides a high-level look at PCI DSS compliance rules and the specific tools and strategies that can help organizations manage data subject to these PCI DSS standards.

Let us know what you think about the story; email Ben Cole, associate editor. For IT compliance news and updates throughout the week, follow us on Twitter @ITCompliance.

More on PCI compliance

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: