RuleSafe for PCI-DSS

 

The Payment Card Industry Data Security Standard (PCI-DSS) is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC). The standard was created to help organisations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise. The standard applies to all organisations which hold, process, or pass cardholder information from any card branded with the logo of one of the card brands.

In order to maintain compliance with PCI-DSS organisations must put in place and prove the effectiveness of a number of security controls. In particular, Requirement 12 of the standard stipulates: 'Maintain a policy that addresses information security'. Compliance with this and other requirements within the standard are mandatory if organisations wish to continue to process card payments.

 

However, maintaining and communicating the various security requirements to all of the people who need to abide by the numerous controls and procedures needed to maintain the security of cardholder data can be a complex undertaking - particularly if we also wish to avoid overloading employees and others with information that may not be relevant to them.

 

RuleSafe's PCI-DSS knowledge module and knowledge framework allows you to deploy policies as targeted requirements; directed specifically at those workers who need to action them - according to each person's individual role and responsibilities. Furthermore, those internal controls are mapped-back to the various requirements of PCI-DSS, along with human compliance metrics showing how well each policy or control is being followed.

 

As well as showing how well each employee is aware of, has understood, and accepted responsibility for complying with each requirement, RuleSafe deploys audit checklists and self-assessments to collect and display scorecard data for each control; across all systems, groups and divisions within the organisation. RuleSafe's integrated document management system collates data from forms and standards as 'evidential compliance'

 

A 'personal compliance portal' is created and presented to every employee and every manager in your organisation, allowing them to see at-a-glance not only which compliance tasks they need to complete - but also a unique 'benchmarking' system that shows workers and managers how well they are progressing against an average metric of their colleagues or the organisation as a whole.

 

Automated web-channel and email communication keeps everyone's personal awareness and task list updated as changes or updates appear, and keeps managers informed on the progress of their staff. Senior managers and auditors receive real time updates on individual and comparative compliance rating across their respective staff, groups, or divisions, along with their comparative benchmark score.


Latest News

RuleSafe v4.0 released

World's leading GRC software adds 30 new features in v4.0

Cloud/SaaS launched

Low cost cloud-based GRC solution now available

User dashboards:
compliance gets personal

Real time compliance status updates for employees

GRC goes carbon neutral with RuleSafe SaaS

SaaS solution delivers paperless policy acceptance

Announcing PoliServer GRC Appliance

Integrated policy management & awareness solution in a box