Envoy Data provides products and solutions that meet your agency's and your clients' needs for becoming SOX/PCI compliant.
Sarbanes-Oxley: The Sarbanes-Oxley Act of 2002 (often shortened to SOX) is legislation enacted to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise. The act is administered by the Securities and Exchange Commission (SEC), which sets deadlines for compliance and publishes rules on requirements. Sarbanes-Oxley is not a set of business practices and does not specify how a business should store records; rather, it defines which records are to be stored and for how long.
PCI Compliance: No business is ever completely secure, but companies can mitigate their risk and make it much harder and more resource-intensive for anyone to breach their defenses. Becoming PCI DSS (Data Security Standard) compliant provides baseline security and is a great first step. But it is critical to implement both the spirit and the letter of the standard.
The payment card industry (PCI) denotes the debit, credit, prepaid, e-purse, ATM, and POS cards and associated businesses.
- What Are You Really Interested In? PCI is all about compliance, not security.
- The Party Is Off: Here is the official announcement from the PCI SSC that this year’s North American Community Meeting in Orlando has been cancelled due to Hurricane Irma. https://www.pcisecuritystandards.org/nacm2017_schedule_irma See you all next year.
- PCI Compliance And Financial Institutions: I remember being at one of the early PCI Community Meetings and someone from the PCI SSC promised that the PCI DSS would be periodically updated to reflect changing business conditions as well as changing threats. Here we are more than a decade later, and we have version 3.2 of the DSS, but it has […]
- Why Voice Over IP Matters: “Voice over IP are the most insidious set of communication protocols ever invented by man.”
- NESA – Guidance In Search Of A Problem: On Thursday, June 29, the PCI SSC held their quarterly Assessor update webinar. One of the more interesting discussions was on the topic of the non-listed encryption solution assessment or NESA. For those unfamiliar with NESA, it is an attempt by the Council to have all end-to-end encryption (E2EE) solutions such as First Data’s TransArmor […]
- We Need A Change To 2.3.b: I just wanted to give everyone a “heads up” about some guidance we recently received from the PCI SSC regarding jump boxes or out-of-band (OOB) system management solutions and the use of insecure protocols such as SNMPv1/2 and Telnet. But did everyone know that this solution also requires a compensating control worksheet (CCW)? For years […]
- What Is The Secret? If you are a P2PE-QSA, you have likely seen the documentation required to do a Non-Listed Encryption Solution Assessment (NESA). While the P2PE assessment work program (on which the NESA is based) is available to everyone, apparently the Council feels that only P2PE-QSAs have a right to see the new NESA documentation. Why? My assumption […]
- Answering Some Dream Team Questions: After our PCI Dream Team event on May 17, I thought I would take some questions that do not require long and involved answers and publish them in this post. FYI – I have edited and spell checked these, so they likely do not look like you entered them but they should convey your questions […]
- Thank You To Everyone: We had a great session yesterday with lots of great questions. We appreciate all of you that were able to attend and submitted questions both through the blog and when we were online. For those that could not attend, the session was recorded so you can play it back on BrightTalk. The session went the full […]
- Talk To The PCI Guru Live: Actually, you will get to talk to FOUR PCI Gurus this coming week. Bring us your hardest PCI questions. Follow this link and register for our PCI Dream Team discussion on May 17 (depending on your time zone). I hope to “see” you there. It should be a great time.