CHAPTER 6: MAINTAINING COMPLIANCE
Once an organisation has achieved compliance with the PCI DSS, it must maintain its level of compliance. This, of course, means making oneself aware of any changes to the PCI DSS itself (the latest version was released in April 2015), as well as maintaining the PCI DSS security environment.
The PCI SSC makes the point this way: technically, it is true that, if you’ve completed a Self-Assessment Questionnaire (SAQ), you’re compliant – ‘for that particular moment in time when the Self-Assessment Questionnaire and associated vulnerability scan (if applicable) is completed. After that moment, only a post-breach forensic analysis can prove PCI compliance. But a bad system change can make you non-compliant in an ...
Get PCI DSS: A Pocket Guide 4th edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
