Wait a second.

There’s a painless way to complete a PCI Report on Compliance?

You’ve got to be kidding me.

I’m not kidding you.


1. Perform an accurate and complete scope assessment of your cardholder data environment and make it easy for your QSA to verify and validate.

Don’t know how? Our workshop, “How to Manage Your PCI Scope Without Losing Your Mind,” will teach you our 6-step process for managing your PCI scope effectively and efficiently.

This is an affordable workshop with actionable guidance you can implement right now to achieve the results your next PCI Report on Compliance or self assessment desperately needs.

2. Automate your critical controls and make it easy to self collect evidence with accurate dashboards and robust reporting.

Just about every technology in your cardholder data environment has some kind of reporting functionality. 

Make the time to figure it out and create meaningful and actionable alerting and monitoring processes.

You can’t wait 3 months for someone to tell you that 36 servers stopped logging 4 months ago.

You need to know almost instantly when a server stops logging. The clock’s ticking. You’ve got 24 hours to get that server logging and back into compliance.
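One way to build that alert, as an added example that is not from the post: compare the newest event per host in the log feed against an inventory of in-scope log sources, so a server that has gone quiet, or one that never showed up at all, is flagged with the hours left in the restore window. Hostnames, log lines and the assumption that the 24-hour clock starts at the last event seen are constructed for this example.

```python
from datetime import datetime, timedelta

# Constructed sample syslog-style lines (hypothetical hosts): "<iso timestamp> <host> <message>".
SAMPLE_LOG = """\
2024-03-09T02:10:00+00:00 pos-app-02 sshd[411]: session opened for user svc
2024-03-10T08:55:00+00:00 pos-db-01 postgres[77]: checkpoint complete
2024-03-10T06:00:00+00:00 pos-app-04 cron[12]: job finished
2023-11-02T14:00:00+00:00 pos-app-03 kernel: audit: backlog limit exceeded
2024-03-10T08:59:30+00:00 fw-edge-01 filterlog: pass tcp 10.0.1.5 -> 10.0.2.9
2024-03-10T07:30:00+00:00 pos-app-04 sshd[512]: session closed for user svc
"""
# Constructed inventory of in-scope log sources. A host absent from the feed entirely must still be flagged.
INVENTORY = {"pos-db-01", "pos-app-02", "pos-app-03", "pos-app-04", "fw-edge-01", "pos-app-05"}
NOW = datetime.fromisoformat("2024-03-10T09:00:00+00:00")
ALERT_AFTER = timedelta(hours=1)   # raise an alert after this long without events
WINDOW = timedelta(hours=24)       # assumed: 24-hour restore window counted from the last event seen


def last_event_per_host(log_text):
    """Newest timestamp seen for each host in the log feed."""
    latest = {}
    for line in log_text.splitlines():
        ts, host, _ = line.split(" ", 2)
        when = datetime.fromisoformat(ts)
        if host not in latest or when > latest[host]:
            latest[host] = when
    return latest


def silent_sources(log_text, inventory, now, alert_after=ALERT_AFTER, window=WINDOW):
    """Inventory hosts that have gone quiet, with hours left in the restore window."""
    latest = last_event_per_host(log_text)
    findings = []
    for host in sorted(inventory):
        last = latest.get(host)
        if last is None:  # never logged at all: no timestamp to measure from, escalate immediately
            findings.append({"host": host, "silent_hours": None, "hours_left": None, "out_of_compliance": True})
            continue
        gap = now - last
        if gap < alert_after:
            continue
        hours_left = (last + window - now).total_seconds() / 3600
        findings.append({"host": host, "silent_hours": round(gap.total_seconds() / 3600, 1),
                         "hours_left": round(hours_left, 1), "out_of_compliance": hours_left < 0})
    return findings


if __name__ == "__main__":
    for finding in silent_sources(SAMPLE_LOG, INVENTORY, NOW):
        print(finding)
```

Run on a schedule against the real feed, this turns "36 servers stopped logging 4 months ago" into a same-hour finding with a countdown per host.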



3. Save at least 100 hours of mindless churn by consolidating your interviews and real-time observations.

Stop interviewing the same person 15 times because you keep taking each interview requirement in isolation. 

Put it all together in ONE interview and capture the real-time observations at the same time.

Don’t worry, we’ve done the work for you. 

You can download the PCA Consolidated Interview and Observation Schedule and save yourself a 3 month long migraine.

4. Establish a 5-day turnaround for all evidence requests.

30 days, 20 days, or even 10 days is too much time to wait for a screenshot that takes a system administrator 2 minutes to capture and send to you.

Give them 5 days and if they’re late, mark the control “not in place.”

When that happens, trust me, you’ll have that screenshot in 3 minutes.

5. Pull your head out of your spreadsheets and automate your entire PCI Report on Compliance with Polaris PCA.

Polaris PCA costs $0.67 an hour.

Who can you hire for $0.67 an hour to turn your PCI compliance chaos into business as usual?

Absolutely nobody.

You can’t even buy a cup of coffee for $0.67.

But you can implement Polaris PCA and automate your PCI Report on Compliance processes.

Your PCI Internal Security Assessor (ISA) needs to assess evidence and ensure continuous compliance rather than chase system administrators for screenshots of config settings.

And your QSA simply needs to test and assess what your ISA has confirmed.


Polaris PCA has already been proven to:

  • Save over $100k in outside assessment fees.
  • Reduce the timeline of a Report on Compliance by 12 weeks.
  • Save invaluable hours and dollars by reducing email churn and the amount of overdue evidence.
  • Adopt an Agile approach to managing and sustaining continuous PCI compliance.

The proof is in the pudding. Let us show you how.

If you prefer the constant chaos of PCI compliance or the constant churn of good employees, keep scrolling.


If you want to end the continuous cycles of PCI Fatigue, employee burnout, and lack of repeatable process, email support@paymentcardassessments.com and let’s chat.

Firewalls and Routers: How to Take Control of Unruly Firewall Rules, Configurations and Network Connections

Best Practice: Developers and system administrators request changes to firewall rule sets all the time. Whether it’s to work on system components or to test them, these changes can make a mess of your rule sets. It’s easy for someone to unintentionally request an “any” rule, which is prohibited in the cardholder data environment. Our best advice is to insert your ISA, or someone on the compliance team, into the firewall rule change review so that every request is checked against the permitted-services list before it is approved.

10 Critical Responsibilities of a PCI ISA

I remember when I was working as an IT Security Project Manager responsible for the implementation of 10 different security projects for the new cardholder data at a Fortune 100 Company. They had a job posting for a PCI Compliance Program Manager and I thought, why not?

The job description looked easy enough. In fact, I flipped my resume over on a whim during lunch on a Friday. Got called by the internal recruiter within 20 minutes and was interviewed on Monday and hired by Wednesday.

I had no idea what was really in store for me. Nobody did.

Because nobody I interviewed with understood HOW to run a successful PCI DSS Compliance program for a level 1 merchant.
