PCI QSA Consultant Charles Denyer Reveals Top 10 Challenges and Recommendations for PCI Compliance | Part III

July 27, 2011

8. Intrusion Detection System-Requirement 11 (specifically 11.4) calls for intrusion-detection and/or intrusion-prevention systems that monitor all traffic at the perimeter of the cardholder data environment and at critical points inside it, alert personnel to suspected compromises, and have their engines, baselines and signatures kept up to date. Installing the sensor is only the start: the signatures must be kept current and the alerts must actually be reviewed. For the IDS itself I recommend Snort, an open source IDS: www.snort.org.
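
As an added illustration (this is not configuration from the original article or from the Snort project), the fragment below shows how a Snort 2.x deployment can be scoped to the cardholder data environment so that it covers the traffic Requirement 11.4 cares about. The network ranges, host addresses and rule SIDs are made-up placeholders; substitute your own.

```snort
# --- snort.conf fragment (constructed example, not the article's own) ---

# HOME_NET is the cardholder data environment (assumed ranges). Everything
# else, including the corporate LAN, is EXTERNAL_NET, so traffic from
# insiders into the CDE is inspected as well as Internet traffic.
ipvar HOME_NET [10.20.0.0/24,10.20.1.0/24]
ipvar EXTERNAL_NET !$HOME_NET

# Hosts that store cardholder data (assumed addresses).
ipvar CDE_DB_SERVERS [10.20.1.10,10.20.1.11]

# Sensitive-data preprocessor: lets rules match card-number patterns.
preprocessor sensitive_data: alert_threshold 25

# Vendor rules are updated on a schedule (Requirement 11.4: signatures kept
# up to date); site-specific rules live in local.rules.
include $RULE_PATH/local.rules

# --- local.rules (constructed example) ---

# A database server holding card data should never initiate a connection
# out of the CDE on its own; such traffic is a classic exfiltration sign.
alert tcp $CDE_DB_SERVERS any -> !$HOME_NET any (msg:"CDE DB server initiating outbound connection"; flow:to_server,established; classtype:policy-violation; sid:1000001; rev:1;)

# Primary account numbers must not leave the CDE in cleartext (ties the IDS
# to Requirement 4). sd_pattern fires when 2 or more card numbers are seen.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Cleartext card numbers leaving the CDE"; sd_pattern:2,credit_card; classtype:policy-violation; sid:1000002; rev:1;)
```

The two local rules are deliberately coarse: their purpose is to catch policy violations that the vendor rule set cannot know about, such as which hosts are allowed to talk outbound. Placing the sensor where it sees both the CDE perimeter and the segment boundaries inside it, and routing its alerts to someone who reviews them, is what turns the tool into evidence of compliance.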

9. Policies and Procedures-A large number of policies, procedures, forms, checklists and similar documents need to be developed for PCI compliance. And while PCI compliance is considered technical in nature, much of the work is on the qualitative, soft side of technical writing. Companies really struggle with this, as they simply do not have the time and resources to develop quality, highly customized policies and procedures. If you take the time to analyze each of the twelve (12) PCI DSS requirements and their sub-requirements, you repeatedly come across mandates for "policies, procedures, authorization forms" and so on that must be developed and implemented in the organization's daily operational environment. Your best bet is a reputable firm offering PCI policy and procedure writing, or a company such as pcipolicyportal.com.

10. Operational Commitments from Internal Personnel-In short, most organizations struggle immensely with the operational side of PCI. They lack the manpower, the applicable skill sets or the budget to resource an engagement of this type, which leads to delays and missed project milestones. They sincerely intend to become compliant but simply do not have the resources to get there in a timely manner. One way to lighten that burden is to work through the issues raised in this top 10 list and identify which activities can be undertaken immediately to address them.

I hope this list has been helpful to you and please look for more PCI Top 10 lists in the future.

View Part I and Part II of Top Ten PCI Challenges

About Charles Denyer
Charles Denyer is a member of NDB Accountants & Consultants, a nationally recognized boutique CPA and advisory firm specializing in Regulation AB, SAS 70, SSAE 16, ISAE 3402, FISMA, NIST, HIPAA, ISO and PCI DSS compliance, along with other regulatory compliance initiatives. Mr. Denyer is actively involved in numerous professional associations and organizations for a wide range of industries and business sectors. He is also an advanced social media expert, having spent years working in the field of search engine optimization (SEO) and various forms of online marketing and social media.
Mr. Denyer holds numerous accounting and technology certifications along with a Master's in Information and Telecommunication Systems from the Johns Hopkins University and a Master's in Nuclear Engineering. He is also currently an MBA candidate at the Johnson School of Business at Cornell University. He can be reached at cdenyer@ndbcpa.com or at 800-277-5415, ext. 705.
