Don’t Jeopardize Your PCI DSS Compliance Program By Making This Mistake
Imagine this…
You’re putting together a remediation plan that requires $2.5 million to bring your PCI DSS Compliance program into compliance.
New requirements can be costly.
And asking the CIO or CFO for more money that wasn’t part of the original budget is a bit stressful.
But it must be done.
You put your plan together.
Create your slide deck.
And you ensure that the additional budget you’re asking for is backed up by hard facts.
In the off-cycle budget meeting, it’s your turn to be in the hot seat.
You take a deep breath and describe the challenges the new version of PCI DSS poses and the cost to remediate the gaps.
There are multiple projects that need funding…internal and external dollars.
All totaled…it’s $2.5 million to bring your Cardholder Data Environment into compliance (and more secure).
As you go through the projects that need funding, your CIO stops the meeting.
Gulp.
Your CIO turns to a senior executive on his team and says,
“I thought you said that we don’t have to worry about PCI anymore?” It was more of a question than a statement.
The executive replies, “Well, we don’t store it anymore.”
And that right there, my friends, is an egg-on-your-face mistake that jeopardizes your entire PCI Compliance program.
When senior leadership doesn’t understand the full definition of scope, you’ll fight an uphill battle until you get everyone on the same page.
Understanding what’s in scope is as important as breathing oxygen.
Have no fear! We’ve got you covered with this handy mini guide you can share with ALL your PCI Compliance stakeholders, including C-Suite executives.