Style Guide to Creating Good Policies

by Sarah Harvey / June 14, 2023

Countless regulatory compliance and client requirements depend on clear and appropriate policies and procedures to demonstrate how organizations are conducting their business. Without defined policies and procedures, you face the threat of heavy fines from regulatory governing bodies, loss of business, or loss of data. As auditors, we find that many of our own clients struggle with understanding the organization of a policy, what does belong in a policy, what…

Ask the Auditor: PCI DSS Requirements 1 & 2

by Sarah Harvey / June 13, 2023

Last month, in an exclusive online interview, we asked one of our very own Information Security Auditors, Barry Williams, some frequently asked questions about PCI Data Security Standard Requirements 1 and 2. With his specialized expertise, we were able to gain some clarity on the robust information security standard. Here are the highlights from the interview: Q: What are some of the serious consequences you have seen or heard about…

Top 4 Critical Components of a Call Monitoring Program

by Sarah Harvey / June 15, 2023

As the CFPB continues to closely supervise the collections environment, it’s important to analyze and fully understand the areas of risk. One of the biggest risks to a collection agency is communication with consumers, making the monitoring of calls a very telling practice. An effective call monitoring program is a critical component of any compliance management system, mandated by the CFPB, and is a way for organizations to be able…

Who’s responsible for what? Data flow dynamic of payment card security

by Sarah Harvey / December 16, 2022

Last month, the Electronic Transactions Association (ETA), a global association which represents those in the payments space, announced a partnership with the PCI Security Standards Council (PCI SSC). This partnership brought the two together at TRANSACT 15, ETA’s annual conference, to present the industry with the most recent PCI DSS updates as well as focus the payments community on data breach prevention and payments…

PCI Readiness Series: PCI Requirements 1 and 2

by KirkpatrickPrice / April 12, 2023

Are you a merchant, service provider, or sub-service provider who stores, processes, or transmits cardholder data? If so, this is a great place to be introduced to the PCI DSS. The PCI Security Standards Council is a third-party organization that was developed for the sole purpose of managing the security of cardholder data. Prior to the PCI Security Standards Council, each payment card brand managed their own security standards. Eventually, the payment…