Envoy Data provides products and solutions that will meet your agency's and clients' needs to become SOX/PCI compliant.
Sarbanes-Oxley: The Sarbanes-Oxley Act of 2002 (often shortened to SOX) is legislation enacted to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise. The act is administered by the Securities and Exchange Commission (SEC), which sets deadlines for compliance and publishes rules on requirements. Sarbanes-Oxley is not a set of business practices and does not specify how a business should store records; rather, it defines which records are to be stored and for how long.
PCI Compliance: No business is ever completely secure, but companies can mitigate their risk and make it much harder and more resource-intensive for anyone to breach their defenses. Becoming PCI DSS (Data Security Standard) compliant provides baseline security and is a great first step, but it is critical to implement both the spirit and the letter of the standard.
The payment card industry (PCI) denotes the debit, credit, prepaid, e-purse, ATM, and POS cards and associated businesses.
- Q4 2017 QSA Update: On December 7, 2017, the Council held their last QSA Quarterly Webinar for the year. The following are the more notable tidbits offered up that should be passed around so that everyone has the information. The Next Revisions Of The PCI DSS And PA-DSS: Emma Sutcliffe had a quick discussion of updates to the PCI […]
- Deadlines Coming Soon: A good reminder that there are a number of deadlines coming in January 2018. PCI Requirement Changes Coming in 2018
- Chrome And Redirects: A bunch of us saw this Wired article the other day and began thinking, “I wonder if this will screw up any of our clients’ eCommerce sites?” After all, a LOT of eCommerce sites went with redirects to reduce their PCI scope, so there is a big potential here for issues if Google does not […]
- Can A QSA Rely On An ISA’s Assessment Work?: Questions have been asked at various Community Meetings over the years regarding reliance on internal and external audits, but none of us discussing this question could remember anyone asking the Council about ISAs. The reason this issue repeatedly comes up is due to organizational audit fatigue. With standards such as PCI, NIST, ISO and the […]
- Interesting Tidbits Out Of The PCI European Community Meeting Assessors Session: Usually the European Community Meeting uneventfully passes because everyone reads the slide decks, Twitter feeds and feedback from the North American CM. However, with the cancellation of this year’s North American CM due to Hurricane Irma, that gave the EU CM the spotlight. While we will all get the slide decks (and supposedly videos) via […]
- What Are You Really Interested In?: PCI is all about compliance, not security.
- The Party Is Off: Here is the official announcement from the PCI SSC that this year’s North American Community Meeting in Orlando has been cancelled due to Hurricane Irma. https://www.pcisecuritystandards.org/nacm2017_schedule_irma See you all next year.
- PCI Compliance And Financial Institutions: I remember being at one of the early PCI Community Meetings and someone from the PCI SSC promised that the PCI DSS would be periodically updated to reflect changing business conditions as well as changing threats. Here we are more than a decade later, and we have version 3.2 of the DSS, but it has […]
- Why Voice Over IP Matters: “Voice over IP are the most insidious set of communication protocols ever invented by man.”
- NESA – Guidance In Search Of A Problem: On Thursday, June 29, the PCI SSC held their quarterly Assessor update webinar. One of the more interesting discussions was on the topic of the non-listed encryption solution assessment or NESA. For those unfamiliar with NESA, it is an attempt by the Council to have all end-to-end encryption (E2EE) solutions such as First Data’s TransArmor […]