Blog

Policies, Procedures, and Standards

by KirkpatrickPrice / December 19, 2022

We find that most organizations struggle with the documentation aspect of a PCI assessment. Established best practice states, "If it's not written down, it's not happening." Organizations need documented policies, procedures, and standards to control risks to business assets, but to also have a common understanding and language to create consistency among the culture of your organization. Small organizations often question why they need to document how their organization runs, especially if…

Establishing the Scope of Your Cardholder Data Environment

by KirkpatrickPrice / December 22, 2022

Properly scoping your environment is the most important initial step of becoming PCI compliant. The scope of the Cardholder Data Environment (CDE) determines the extent to which all PCI DSS controls must be in place. If an asset is in scope, all controls will apply. If an asset is not in scope, then there’s no concern to PCI. Errors in scoping can lead to serious consequences, so it’s important to…

The 12 PCI DSS Requirements

by KirkpatrickPrice / December 21, 2023

This exclusive video series, PCI Demystified, was developed to assist your organization in understanding what Payment Card Industry Data Security Standard (PCI DSS) is, who it applies to, what the specific requirements are, and what your organization needs to do to become compliant. The 12 PCI DSS Requirements The PCI DSS was jointly developed by the payment card brands to encourage and enhance cardholder data security and facilitate the broad…

Introduction to PCI DSS: What You Need to Know

by KirkpatrickPrice / December 19, 2022

This exclusive video series, PCI Demystified, was developed to assist your organization in understanding what the Payment Card Industry Data Security Standard (PCI DSS) is, who it applies to, what the specific requirements are, and what your organizations needs to know and do to become compliant. Why was PCI DSS developed? The PCI Security Standards Council is a third-party organization that was developed for the sole purpose of managing the security of…

Using your HIPAA Risk Analysis

by Sarah Harvey / June 14, 2023

Congratulations! You’ve completed your initial comprehensive HIPAA risk analysis, no easy task. You’ve gone through the process and planned for and scoped your environment. You’ve identified your risks, threats, and vulnerabilities, and all of the associated requirements necessary to conduct and complete a HIPAA risk analysis. So, now what? Let’s focus on five important steps for using your HIPAA risk analysis; Internal Reporting, Management Responsibilities, Corrective Action, Monitoring, and Auditing.…

Policies, Procedures, and Standards

Establishing the Scope of Your Cardholder Data Environment

The 12 PCI DSS Requirements

Introduction to PCI DSS: What You Need to Know

Using your HIPAA Risk Analysis

Categories

Newsletter

Learn what you need to get started with our Audit Readiness Guide.