Claiming PCI Or Any Other Compliance – Daily

Let's be honest: Organizations follow compliance and regulatory requirements like PCI because VISA threatens to fine your company or worse, cut you off from credit card processing.

OMG! I would not be able to process credit card payments, it will cost me untold profit... OMG!

That is more like it, because we all know that if your organization is truly practicing on a daily basis good information security you would be compliant to PCI (just missing QSA certification of course), and you would most likely be in compliance with just about any compliance or regulatory requirements your organization might have thrust upon it.

If you follow and actually practice, perform and maintain a best practice, state of art, best of breed, call it what you will, information security program, you would basically be doing all the right things to become compliant if required. The difference between being secure and being compliant is an organizations maturity model. Practice daily good information security and you will basically be compliant (good maturity). Implement or improve information security for compliance requirements, such as PCI (bad maturity).

More of the article from Michael Gough

Alex Carroll

Alex Carroll

Managing Member at Lifeline Data Centers
Alex, co-owner, is responsible for all real estate, construction and mission critical facilities: hardened buildings, power systems, cooling systems, fire suppression, and environmentals. Alex also manages relationships with the telecommunications providers and has an extensive background in IT infrastructure support, database administration and software design and development. Alex architected Lifeline’s proprietary GRCA system and is hands-on every day in the data center.
Alex Carroll