Truvantis Blog

Changes to SAQs for PCI DSS v3.2.1

Last month I wrote about the new PCI DSS standard version 3.2.1 and how nothing of significance had changed.

Though that remains true, the supporting documents have now been released and there is a change there that may impact your compliance and validation programs.


Topics: PCI DSS

What's new in PCI DSS 3.2.1

In May 2018, the PCI Security Standards Council, the authors of the PCI DSS standard, issued a new version of that standard: version 3.2.1. Let's review the changes from 3.2 to 3.2.1.


Topics: PCI DSS

How much of your Information Security function can you safely outsource?

Outsourcing is now very common among technology companies. Sometimes a whole function, such as accounting, HR, or marketing, is delegated externally. Even R&D can be delivered by remote teams, often in other countries.

So what about information security?


Topics: PCI DSS, SOC2, vCISO, HIPAA, CIS Controls, Security Program

7 Advantages of using a "virtual CISO" (vCISO)

A growing trend in the world of Cyber Security is the outsourcing of some or all of the Information Security team.

This can be just a small part: vulnerability management, vendor risk management, or responding to customer questionnaires. It could be just the leadership function, a virtual CISO or vCISO. Or it could be the entirety of the Information Security team.

As you evaluate the pros and cons of in-house vs. outsourced, consider the following.


Topics: PCI DSS, SOC2, CISO, vCISO, HIPAA, CIS Controls, Security Program

Common Key Controls Tested in PCI DSS assessments

As a company interested in or required to become PCI DSS compliant, there is a list of key controls you must have in place, with proper auditing around them, to provide to the PCI DSS auditors during the testing period. Being able to easily identify where these controls live and how they are managed within your organization is essential. This article will give you a comprehensive overview of the controls you need to get a jump start on PCI DSS certification.


Topics: PCI DSS
