Release of Free Solutions Referral Tool for Business Community
NEW YORK, Sept. 11 / / -- To help smooth the path to PCI Data Security Standard (PCI DSS) compliance, the Payment Card Industry Security Vendor Alliance (PCI SVA) today released a free tool (http://pcialliance.org/research_gate.html) that enables merchants and other PCI DSS regulated businesses to identify software and service providers for any specific DSS requirement. The tool includes inexpensive, optional software packages that helps regulated businesses quickly and easily conduct a detailed, formal risk analysis as required by PCI DSS section 12.
Most small and many large merchants are still working to fully comply with PCI DSS. For some merchants, who lack a compliance and/or security officer, it can be a struggle to understand how the PCI DSS requirements match up to the security market sectors, and how to properly complete the PCI DSS self- assessment questionnaire, according to a recent SearchSecurity article. This new tool from the PCI SVA is designed to help with both these issues.
The PCI SVA custom-built Risk Assessment software enables merchants and other PCI DSS regulated businesses to easily conduct a complete PCI DSS data security risk assessment. The final output of the assessment includes a list of missing requirements that links to software and service providers whose offerings address shortcomings found during the assessment.
Listings in the Risk Assessment Tool's directory of solution providers will only be open to PCI SVA member organizations. Vendors of PCI DSS - related software and services are encouraged to join the PCI SVA and complete the Services Inventory Form, so that they may have their solutions included in the database. The database contains a listing of SVA Member's software and services matched to the 200+ requirements of the PCI DSS.
"We believe that this Risk Assessment tool will help demystify the process of mapping the requirements of PCI DSS to the security marketplace," said David Taylor, president of the PCI SVA and Protegrity's Vice President Data Security Strategies. "And we urge vendors who have not yet joined PCI SVA to do so now, as we want the tool to include the broadest range of information from the security and privacy software and services vendors as possible."
The first release of the free PCI Security Vendor Alliance Solutions Selection Tool is currently available to any merchant who wants it. A more comprehensive risk assessment tool is also available for a small fee.
The Payment Card Industry Security Vendor Alliance (PCI SVA) is a non- profit organization formed to educate the business community on the requirements and business value of the Payment Card Industry Data Security Standard (PCI DSS). The standard is published and managed by the PCI Security Standards Committee, which is not affiliated with the PCI SVA.
A June 2007 study by the Aberdeen Group noted that approximately one-third of "best-in-class" organizations surveyed -- and nearly half of the industry average -- had not completed formal risk assessments for all system components in the cardholder data environment. "The first step is to understand where and how cardholder data is flowing in your current environment," said Derek E. Brink, vice president and research director at Aberdeen Harte-Hanks. "From there, a risk assessment and gap analysis that compares your existing security controls to those specified by the PCI DSS is a critical next step towards the ultimate goal of achieving and reporting PCI compliance."
To learn more about the PCI SVA, and to apply for membership, visit the Security Vendor Alliance website www.pcialliance.org/ or email email@example.com.
About PCI SVA
PCI SVA (http://www.pcialliance.org/) assists members of the payment card industry, composed of merchants, banks and point-of-sale vendors, in educating the business community on the requirements and business value of the Payment Card Industry (PCI) Data Security Standard, a global benchmark intended to improve security throughout the entire payment card transaction process.
Source: PCI SVA
Web site: www.pcialliance.org/