Five Steps to Effective PCI Programmes
The five steps presented here bring together our learnings and should form part of a holistic approach. Each stage is as important as the last, and the success of the programme as a whole depends on all five aligning.
1. Scope and de-scope:
Imagine your scope is like a lawn — the smaller the lawn the easier it is to maintain it. Map out your scope and understand your processes.
2. Engage a specialist:
You need an expert QSA who can advise your teams so that everyone is clear on the roadmap ahead of them (see our top 5 qualities of a good QSA to help you with your selection process).
3. Get the board on board:
To run a successful PCI programme you are going to need two things: budget and resources. It's time to put together a business plan to secure these two things.
4. Set up a steering committee:
You will need to set up an in-house team. Your team will consist of someone from each part of the business that is affected by PCI DSS. It should consist of the key business stakeholders and report directly to the board.
5. Define the target operating model:
Consider this to be your blueprint of how the Cardholder Data Environment (CDE) would look when you are finished. Even though we have listed this as the final step, it's actually the first thing you need to think about. Have your end game at the front of your mind before you start anything.