Managing the security of financial transactions using credit cards and on-line payment systems is complex and problematic. At the same time, compliance with PCI DSS v4.0 requirements is essential, since system breaches and data corruption within a merchant organisation carry the threat of sanctions or expulsion from the credit card provider.
To manage this situation, 27k1 Ltd has integrated the PCI DSS v4.0 standard with its 27k1 ISMS software, creating two class-leading compliance solutions:
1. The 27k1 ROC Management System (RMS), for use by PCI SSC approved QSAs
2. The 27k1 SAQ Management System (SAQMS), for use by Level 1, 2 and 3 Merchants
For QSA companies, completing the Report On Compliance for their Level 1 clients is an arduous task. The ROC requires accurate responses to 12 Requirements sections comprising in excess of 300 questions, with responses supported by Risk Assessments, Appendices, Network Scans, Diagrams, Interviews and more.
From selection of a Self-Assessment Questionnaire (SAQ), the correct PCI DSS v4.0 requirements are presented along with actions that need to be undertaken. Full progress reporting assists this activity, along with feature-rich, automated reports.
Selection of more than one SAQ will enable a combined approach to be selected, automatically populating SAQ D with any exclusions nominated as “Not Applicable”, with a supporting justification.
Companies and ISAs using the 27k1 SAQMS will benefit from this functionality as well as being able to run Risk Assessments on all IS Assets, manage Documents, take Audits, control their entire ISMS and produce rich, granular reporting.
Compliance work within the 27k1 software automatically populates SAQs, Appendices, Worksheets and the AOC. The software retains this work, so that subsequent SAQ completion in following years is fully supported.
The system has been architected to enable remote access by QSAs so that they can support their clients.
Jeremy Martin, Co-Founder at 27k1, will be demonstrating this ground-breaking software at September’s PCI SSC Community Meeting.