19th PCI London
3 July 2019, London, UK
The challenge of continuous PCI DSS compliance
How to meet the key technical and organizational issues created by the Standard
PCI DSS presents a unique challenge to compliance professionals. The technical complexity of the Standard, and the granular understanding of both business and technology processes required to implement it, impose a huge burden on organisations of all sizes as the digitalisation of payments, and of commerce in general, accelerates.
The detail in the Standard, in contrast to the vague, principles-based approach in key data privacy legislation, places huge emphasis on tracking and monitoring access, access automation and control, ensuring effective segmentation and scoping, and security testing. This means that PCI DSS compliance makes specific demands across a range of key enterprise technologies and processes.
The problems for any compliance function faced with this level of complexity are manifold: does the compliance function have the required level of technical expertise? If not, does internal IT, and is compliance the right team to liaise with them? And if not, who are the right people to interpret the Standard for the organisation, engage third-party help, and evaluate and buy the complex solutions needed for compliance?
And what kind of compliance function is equipped to monitor and test continued compliance? The difficulty is reflected in the fact that most companies review compliance just once a year, meaning that they do not comply most of the time. The difficulties are enormous, so what is the right approach and who in the enterprise should be held accountable?
The 19th PCI London will look at the latest in the processes and technologies used to protect payment and personal data. There will be real-life case studies, strategic talks and technical break-out sessions from PCI teams behind some of the world's most admired brands, who know, just like you, that payment security is now more important to business than ever.