PCI compliance can be confusing and challenging when you first start down that path. Even if you have been through a PCI audit, or several, the requirements and vast number of controls can seem overwhelming. There are some things that you can do to make your life, and your assessor’s life, easier and make for a smoother audit.
Know What You Need
Whether this is your first PCI audit or you are a compliance veteran, review the requirements to get an understanding of what policies you need to have in place. Make sure any new hardware or software that has entered production since your last assessment is configured properly. Make sure you are getting your ASV scans done at least quarterly, and that they pass. Check what has changed since your last assessment, and which items have moved from best practice to requirement. There is no need to understand every nuance of each requirement, but familiarity with the requirements makes them less imposing.
Be Organized and Prepared
With PCI compliance, documentation is important. Many documents, policies and samples are going to be needed. You can help your audit along by having the necessary documents prepared in advance. Also, because there are many documents, it helps to have them organized so that they can be found quickly and you are not shuffling through a mountain of paperwork.
Relax and Fix Issues
The PCI assessment is comprehensive and covers all things within the cardholder environment, from firewalls, to physical security, to policies and procedures. Sometimes things get overlooked. You are busy working to make your business successful. If an issue is discovered, don’t panic. Take the necessary remediation steps to quickly resolve the issues so that your Report on Compliance is successful.
In short, preparation and familiarity with the requirements are helpful when heading down the path to PCI compliance. Organization is also a major key to making your audit run smoothly. As with any audit, there is some preparation involved, but in the end, keeping your cardholder data environment secure, minimizing your exposure to a data breach, and earning your customers' trust by keeping their data safe speaks volumes about your business reputation.