ControlCase

IT Certifications, Continuous Compliance and Cybersecurity Services Provider

You are here: Home / Blog / Key Aspects for PCI DSS Continuous Compliance While Working From Home!

ControlCase follows 3 main principles for Continuous Compliance Management – People, Technology and Processes. Below are Key Aspects your organization should be considering to ensure continuous compliance while working remotely.

PEOPLE
– The only way assessments will maintain value when done remotely is to adopt a partnership approach with assessors and implement continuous compliance solutions as an organizational cultural shift.
– Assessors should maintain their structure for an onsite audit; but instead use video calling and screen sharing to provide evidence and conduct interviews as a part of the assessment.
– Management must review user access privileges, including printing reports at home computers.

TECHNOLOGY
– Organizations should engage with vendors who have the infrastructure and expertise to provide remote testing (vulnerability assessment / penetration testing/ application security testing) capabilities for meeting the continuous compliance monitoring requirements.
– Sensitive data should only be accessible via secure encrypted channels like VPN and include additional security measures such as two-factor authentication.
– Implement additional controls that ensure sensitive data cannot be copied into or transmitted from local systems.
– Organizations hosting their environments in the cloud should consider working with vendors who can provide tools to directly connect with their cloud infrastructure and automatically collect evidence. This will reduce time in interviews to only the necessary questions and gaps.
– Organizations should ensure implementation of strong end-user security and access control architecture for remote end-users.

PROCESSES
– Controls specific to remote management and remote access need to be assessed with additional sampling and checks; this ensures integrity and confidentiality of sensitive data (e.g. card data) accessible to employees working from home.
– Review and conduct risk assessment process for remote employees.
– Automated evidence collection tools and scripts to be provided to customers during assessments to ensure that evidence can be remotely collected. A centralized evidence collection dashboard helps ensure all remote evidence is collected and stored properly.
– It is crucial to remotely enable other security business as usual activities such as; internal/external scans and tests, firewall reviews, card data discovery, SIEM, log monitoring, periodic user reviews etc.

Click Here to Read More

Email Kimberly Simon at ksimon@controlcase.com to schedule a demo of our methodology for PCI DSS compliance in the remote working environment.

Related Blog

Why Fortune 500 Companies need Continuous Compliance?
Continuous compliance is a Software as a Service offering from ControlCase where it continuously reviews your IT compliance posture to ensure you are meeting IT regulations and standards that apply to your organization.
Why does every Organization need Continuous Compliance?
Continuous compliance is a Software as a Service offering from ControlCase where it continuously reviews your IT compliance posture to ensure you are meeting IT regulations and standards that apply to your organization.
How to Manage PCI DSS Compliance Using Zero Trust Principles.
The PCI DSS provides guidelines for securely processing, storing or transmitting payment card data. It aims to protect organizations and their customers against payment card fraud and is made up of 12 requirements or control objectives that comprehensively protect the payments ecosystem.
The best way to be ready for audit anytime - Continuous Compliance
Compliance is a critical element of modern business. It needs to be continuously maintained if organizations want to avoid falling foul of increasingly large fines and penalties.
"One Audit" for IT Security Compliance Explained!
The One Audit solution provides the ability for organizations to perform a single audit and certify/comply with multiple regulations including but not limited to PCI DSS, ISO 27001, BITS FISAP, HIPAA, SOC 1/2/3, and FISMA NIST 800-53.
About the PCI Software Security Framework
The PCI Secure SLC Standard provides a baseline of requirements with corresponding assessment procedures and guidance to help payment software vendors design, develop, and maintain secure payment software throughout the software lifecycle. Enabling organizations to build more secure payment software.

About Us

ControlCase is a global provider of certification, cybersecurity, and continuous compliance services. ControlCase is committed to empowering organizations to develop and deploy strategic information security and compliance programs that are simplified, cost-effective, and comprehensive in both on-premise and cloud environments.
ControlCase offers certifications and a broad spectrum of cyber security services that meet the needs of companies required to certify to PCI DSS, HITRUST, SOC2, CMMC, ISO 27001, PCI PIN, PCI P2PE, PCI TSP, PCI SSF, CSA STAR, HIPAA, GDPR, SWIFT, and FedRAMP.