Winston Churchill once said “To improve is to change; to be perfect is to change often”. Some might argue that we’ve taken that idea to the extreme and decided to be a society under constant change, in which case we should listen to Mr. Churchill’s further thought, that “There is nothing wrong with change, if it is in the right direction”.
In the case of security and compliance, that constant progress is definitely a good thing. The more secure customer and company data can be kept, the better. Keeping products safe and in good shape along supply lines is also good. All of this comes from improvements in security and compliance, so although new changes can be a pain to comply with, the end result is definitely worth those changes.
In this article we show how an automated auditing and compliance system can benefit businesses affected by PCI security standards changes.
Speaking of Changes
If you are involved with the Payment Card Industry (PCI) and its Data Security Standards (DSS), you’re probably already aware that version 3.1 was released in April of this year, just as you were preparing to switch to version 3.0. You were likely just getting used to version 2.0.
The summary of the changes involved with this iteration can be seen in this PDF. The primary upshot of the changes is that SSL and early TLS are no longer seen as strong security protocols by the PCI Council, and companies will be out of compliance if they haven’t switched to new TLS or IPSec by June 30, 2016. Which brings to mind another great quote about change, this one from Jack Welch: “Change before you have to.”
Change Doesn’t Have to be Stressful
These types of updates are likely to become more regular as our technology keeps racing forward, which means you’re going to have to continue this process over and over in order to stay compliant. That could be a very stressful and time-consuming process, but it doesn’t have to be.
One way to avoid the hassles of compliance is by using an end-to-end system that ensures your compliance measures are current by automatically implementing the new rules and altering auditing processes to meet them. That’s what our Compliance Checkpoint app does for you, saving you time, money, and hassles in staying compliant.
As of now you have a year to comply with version 3.1 of the PCI DSS, but based on the time frame between the announcements of 3.0 and 3.1, don’t be surprised if another update comes out before that deadline, putting your business in a constant state of change. Let us help you.