As your organization begins to lay the groundwork for its 2015 PCI 3.0 audits, take a look at the following services to better prepare:
1. Perform a PCI Pre-Audit First – The most critical preliminary service is a PCI Pre-Audit to assess your readiness for PCI 3.0. The Pre-Audit will help identify your missing or lacking controls and provide a remediation roadmap to ensure you attain 3.0 compliance.
2. Risk Assessment – PCI Audits have always required the performance of “formal” risk assessments, but these are becoming a greater focus with 3.0. Organizations should perform an annual risk assessment that identifies threats, vulnerabilities, and controls that could impact the security of cardholder data.
3. Incident Response (IR) Testing – Organizations should ensure that their IR Plan meets the PCI 3.0 requirements, including annual testing to verify that their IR processes are effective.
4. Cyber Liability Insurance Review – Organizations should review their security controls to ensure that they have taken every precaution to prevent breaches in accordance with their cyber liability insurance policy. In the event of a breach, if your organization is determined to be non-compliant, you might not be covered by your policy and could be deemed liable for more than you expect.