[vc_row][vc_column][vc_column_text]As many of our clients are now working remotely, we continue to help them stay compliant with PCI requirements. In fact, our work-from-home culture allows us to continue serving our clients with no interruptions.

In March, Troy Leach, Senior Vice President, Engagement Officer, PCI SSC, published a blog post that discusses guidance for performing assessments in light of the recent coronavirus outbreak.

The Drummond team of experts has proven methods and practices that exceed the requirements outlined by the PCI DSS. For example, here is how we address two of the areas mentioned by the PCI SSC:

‘Does an assessor need to be onsite?’

Our standard operating procedures include methods that ensure all remote validation is conducted in a manner that provides the necessary level of assurance that the controls assessed are properly implemented to comply with PCI DSS requirements. These procedures ensure that our QSAs can observe processes, examine configurations, collect and analyze evidence, and validate compliance with the same level of assurance and confidence as if we were on-site.

‘Maintaining the Integrity of the Assessment’

We maintain the integrity of the assessment for remote validation using the same principles as if we were on-site. Validation is QSA-led via screen-share solutions, in which a QSA asks our clients to access QSA-selected systems for validation. Requested evidence is presented via screen share as well. If we cannot rule out that a piece of evidence had the opportunity to be manipulated before being provided, our QSAs will reject the evidence and ask for it to be shown in real time.

Our highly skilled PCI experts — Qualified Security Assessors (QSAs) — have always had methods and practices for remote validation that work in times of shelter in place. Therefore, we can state with confidence that we comply with all guidance issued by the PCI SSC for remote validation due to travel restrictions. We are ready to help your organization with PCI compliance, ensure you meet your anniversary date and assessment with no surprises or issues, and achieve ongoing PCI compliance.

Let us know if we can help you during this time of remote work.[/vc_column_text][/vc_column][/vc_row]