Are you tired of chasing after system administrators for PCI evidence during an assessment?

I know that you’re exhausted and frustrated.

And I bet you know all the lame excuses.

“I’m too busy”

“I didn’t get the email”

“I gave that to you 6 months ago”

“Why can’t you just use what I gave you last time?”

If I had a dime for every excuse…I’d be rich.

There’s this old saying: “When you’re sick and tired of being sick and tired, you’ll do something to change.”

Likewise, there’s this old saying: “You get what you tolerate.”

For too long I tolerated bad behavior from colleagues and co-workers. Are you tolerating the same poor behavior?

You don’t have enough time in the day to chase after system administrators and manage a PCI DSS Compliance program at a Level 1 Merchant.

What can you do right now that won’t cost you an arm and a leg?

Implement This Tip Today!

Here’s what I did.

And this one change made a big difference.

I gave system administrators five business days to respond to the assigned ticket and upload their evidence.

Five days to complete a five-minute task of logging into a system and snapping a screenshot.

I communicated what would happen if the evidence wasn’t provided within five business days.

The requirement (or requirements) automatically moved to “not in place” on the JIRA board and their manager received an automatic escalation email.

The overdue status showed up on a weekly status report that I sent to the Chief Information Security Officer and the executive leadership team.

Harsh?

No.

Continuous PCI DSS Compliance means business as usual. The tasks assigned to system administrators were part of their job responsibilities.

Getting a configuration screenshot of your management console isn’t heavy lifting. Sure, it’s annoying, but it’s not worth dragging your feet on or making your manager look silly in a PCI Compliance status meeting.

This one strategy reduced procrastination and quickly exposed controls that were actually failing.

A five-day turnaround time for evidence won’t solve all your PCI DSS Compliance challenges, but it will reduce the exhaustion and frustration of chasing down evidence.

You can implement this today and it won’t cost you a dime.

Your sanity is worth it.

What Would Your PCI Compliance Program Look Like If You Automated the Collection of Evidence?

We can help you with that. Let’s schedule a time to chat. What time works best for you?