Challenge
Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is important for all industries from retail to health care, local and state governments, and everything in between. It is a set of requirements intended to ensure all companies processing, storing or transmitting credit card information maintain a secure environment and follow all current PCI DSS requirements. The year 2020 was an exceptional year presenting its own challenges on a global level due to COVID-19. When the American Water Works Association (AWWA) sought to renew its PCI compliance in 2020, the organization had no idea how the pandemic would affect or disrupt its plans.
Approach
AWWA strategized next steps with Drummond Group. Drummond’s PCI compliance practice offers flexibility throughout a range of services, including advanced cybersecurity, and uses proven methodologies designed with each client’s top priorities in mind. Known for having one of the longest running PCI compliance practices in the industry, Drummond met with AWWA to focus on a solution that would work for all involved. As noted, 2020 was an exceptional year presenting its own challenges on a global level due to COVID-19. In “normal” years, Drummond provides personalized customer services and conducts onsite validation of an organization’s data environment for compliance with PCI DSS requirements. Onsite validations were no longer in consideration.
“Even as priorities shifted in response to a global pandemic, AWWA knew we could not be distracted from our commitment to the security of our customers’ data. Drummond was flexible in giving us just the help we needed to renew our PCI compliance.”
Mike Hiskey
Director of Information Technology
AWWA
Results
Buddy Coley, Drummond’s Senior Security Assessor, took the lead with ease. Yes, the pandemic presented challenges, but it did not deter the drive and enthusiasm from AWWA’s team. “AWWA’s commitment and positivity throughout this unique endeavor was the foundation for their successful assessment,” Coley said. “Working remotely became the norm for all of us, and, ultimately, important milestones were reached throughout their PCI renewal.” With all PCI DSS requirements tested and met successfully over the last several months of 2020, AWWA renewed its PCI compliance. Drummond assisted AWWA in validating and completing the SelfAssessment Questionnaire-D (SAQ-D) and Attestation of Compliance (AOC). “Even as priorities shifted in response to a global pandemic, AWWA knew we could not be distracted from our commitment to the security of our customers’ data,” said Mike Hiskey, AWWA’s Director of Information Technology. “Drummond was flexible in giving us just the help we needed to renew our PCI compliance.” Reinforcing its strong commitment toward PCI compliance, Hiskey now requires the organization’s Service Providers to be PCI compliant prior to engaging as AWWA clients. As it continues to embrace innovations to help make a difference in the communities it serves, AWWA further strengthens its role as a leader in the water industry with its renewed PCI compliance, thus fulfilling its commitment to making a difference for all of its customers and communities, as well as public health.
About Drummond
We are ready to help you achieve PCI DSS compliance and be prepared for regulatory information security mandates. Experience our team of highly skilled experts – having completed over 280 PCI assessments — ready to collaborate with you and your team on your PCI compliance needs. Increase trust, gain expertise, and experience our unique approach and attention as we partner with you to ensure compliance and help you protect what matters most. Let’s start a conversation to see how we can help drive your business forward.