The Payment Card Industry Data Security Standard (PCI DSS) is nothing new, but the specificity and constant evolution of PCI rules often creates compliance headaches for organizations.
As PCI DSS compliance best practices change, they require organizations to reconsider the technology used to store, process and transmit cardholder data, said Mike Chapple, IT security manager at the University of Notre Dame in Notre Dame, Ind. This forces companies to continually adapt processes to maintain PCI DSS compliance, he said, especially data management strategies.
"There are strict requirements in the standard that dictate the types of cardholder information you may collect, the ways you store it and transmit it, and how long you may retain it," Chapple said during a SearchCompliance.com/SearchSecurity.com webcast on data management strategies and PCI DSS. "PCI DSS requires that you develop solid data management practices that apply to both the way you handle sensitive cardholder information and the log and audit data."
More on PCI DSS compliance
The keys to PCI scanning compliance
Podcast: Overcoming common PCI compliance obstacles
The best way to create a symbiotic relationship between PCI DSS compliance and data management boils down to one simple phrase, Chapple said: "Reduce your scope." In other words, by reducing the number of systems, applications and even the number of people involved in credit card processing, the easier PCI DSS compliance is from a data management standpoint.
"There is a lot of data you have to be able to track and maintain as part of your PCI DSS data management program," Chapple said. "Simplifying and streamlining is really one of the core essential practices that successful organizations follow as they build their PCI DSS implementation programs."
In this video webcast, learn more about PCI DSS data management best practices as Chapple provides a high-level look at PCI DSS compliance rules and the specific tools and strategies that can help organizations manage data subject to these PCI DSS standards.