Earlier this decade, I was guilty of sounding the compliance alarm. I moderated dozens of CIO events focused on Sarbanes-Oxley, HIPAA (Health Insurance Portability and Accountability Act) and other corporate compliance mandates. These days, PCI DSS (Payment Card Industry Data Security Standard) has our collective attention, and it has clear implications for managed service providers. Here’s why.
PCI DSS is designed to protect payment cardholder information and must be implemented by members, merchants and service providers–including managed service providers. MSPs that stumble with PCI DSS can be fined up to $500,000 per incident of non-compliance.
MSP platform providers have been working overtime to describe their PCI strategies. Third Brigade, for one, recently joined the PCI Security Standards Council, which strives to help organizations reduce the cost of adopting payment card security standards. Third Brigade launched its MSP partner program in September 2007. Other MSP specialists focused on PCI include nCircle, Verizon, Cybera and Coolcat.
Ignoring PCI DSS doesn’t seem to be an option. The standard is strongly endorsed by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa Inc.
For more on PCI, check out this overview from ZDNet.

MSPs need to be very careful with PCI. Security platform providers are making some wild claims. Do your research by contacting the PCI Security Standards Council with questions.
Outsourcing all of section 10 (log management) specifically to an MSP is a smart decision to save on cost and manpower.