An Explanation Of What PCI-DSS ROC Audits Are
PCI-DSS ROC Audits are a shorter way of saying Payment Card Industry Data Security Standard Report On Compliance. As the name suggests, this is an audit of your network security controls pertaining to the transmission, usage, destruction, and collection of vital credit card data.
This type of audit is meant to apply to Level 1 PCI merchants and businesses, and consists of a formal audit by a PCI QSA, (Payment Card Industry Qualified Security Assessor). The PCI-DSS Standard is a proprietary standard, the scope of which applies to most, if not all, major credit card authorities such as Visa, American Express, Mastercard, and Discover. It is important to note here that private label cards, or other such cards not issued from major companies like those just mentioned, are not within the scope of the PCI-DSS.
A PCI-DSS ROC Audit is the de facto means of ensuring that your credit card information safeguards are up to par, and that your network security measures are strict enough. In all, there are twelve requirements we will examine to ensure you achieve compliance:
- Installation and maintenance of a firewall
- Over-riding or replacement of all vendor-supplied security defaults, such as passwords
- Protection of all stored cardholder information
- Ensure all transmission of card data is properly encrypted
- Installation and updating of appropriate anti-virus software
- Create and maintain a culture of system and network security
- Appropriately restrict all access to card data on a “Need-To-Know” basis
- Ensure proper unique identification of all individuals with system access
- Restrict physical access to card information
- Inspect and record all access traces of individuals to cardholder data
- Ensure regular assessment and updating of security measures
- Enact and maintain an Information Security Policy
The Many Benefits Of PCI-DSS ROC Audits
A PCI-DSS ROC Audit is required of all Level 1 merchants, so if you are a Level 1 merchant, Ezentria would be delighted to help you take care of this important business requirement. The biggest benefit here is that without this audit, you may find yourself legally incapable of doing business!
If your company is not considered a Level 1 merchant, certain business reasons might exist which would make such an audit beneficial. If you are not certain one way or the other, we here at Ezentria would be delighted to help you come to the correct decision on the matter. If you don’t need one, we will tell you!