PCI Compliance and Coronavirus (COVID-19)
Author: Clive Boonzaaier CISM, Director of GRC & Data Protection Officer, UK
Payment Card Industry Data Security Standard (PCI DSS) compliance may not seem high on many people’s radar in these challenging times, given social distancing, remote working and, in many cases, country lockdown rules that prevent QSAs from performing onsite assessments. New guidance released by the PCI SSC now means that formal assessments can be done remotely, and the PCI SSC has provided instructions for QSAs to do so effectively.
To ensure organizations meet their PCI DSS compliance deadlines, we are reaching out to all merchants and service providers who are either due or have their compliance date set during the next 6 months, and suggesting that they start scheduling their PCI DSS compliance assessments now.
Cipher recommends starting now because the PCI DSS assessment model of onsite working is not possible in the current environment. Most people are now working remotely and might not be available at the same time, or for prolonged periods, to work with the assessor.
As a result, if this is not adequately handled in advance, the assessment will potentially extend over a much longer period, which could jeopardize companies meeting their compliance deadline.
Cipher’s assessors are fully able to help you with your 2020 PCI compliance by performing the assessment work remotely. We are ready and able to work with companies to meet the challenges of the current environment. To get started with an engagement, send us a message.