Monthly NewsLetter
Issue: July 2009
About

Many of you have recently been added to our Compliance, Security and GRC NewsLetter mailing list. This newsletter brings you the latest on compliance-related topics and other IT Security & Governance updates, which we will be providing to all of you periodically. If you have a good article to share for future editions, please email to [email protected]

Successful IT GRC conference in Bangkok
ControlCase held an IT GRC conference last month, in Bangkok, Thailand.

The event focussed on practical experiences and implementation strategies from across the globe in the areas of Compliance, Risk Management and the overall GRC convergence.

The conference was a great success, with participants coming from various countries including USA, UAE, India, Pakistan, Kuwait, Saudi Arabia, Thailand and Indonesia.
Level 2 merchants now required to complete onsite QSA audit
 
As per the MasterCard website, all Level 2 merchants are now required to do an on-site validation annually through a certified QSA. Previously, Level 2 merchants were required to fill out a Self Assessment Questionnaire only.
 
The merchant levels are defined by MasterCard as shown in the matrix here.
Start assessment early due to enhanced ControlCase PCI DSS process
As part of continually refining its methodology, ControlCase has made two additions to its annual PCI DSS certification process. Due to these changes, ControlCase will in future reach out to its clients much earlier than usual before every annual audit. These changes have been put in place in part to reduce the risk of cardholder data loss post certification.
 
 
The 2 changes that account for the early notification are:
a)  The ControlCase process now includes a mandatory ControlCase Compliance Scanner run within the entire client environment (instead of just a sample). This helps identify any cardholder data within the enterprise.
b)  Internal QA review has been strengthened significantly over the past 6 months, and hence the process from onsite audit to generation of the final report is taking up to 30 business days.
Notifications for compliance activities
 
ControlCase has now set up a prebuilt calendar for its clients, which notifies the concerned personnel during the course of the year about various compliance activities related to PCI DSS and other regulations.
 
Once a notification is received, the details of what one needs to do can be found in this brief handbook.
Please let us know any suggestions you may have. Also, please feel free to forward this to other people who would find this newsletter useful.
 
Sincerely,
 
ControlCase Team