How to Address PCI Compliance Challenges within Your Security Operations Program

October 22, 2019 • Best Practices

When you’re a security consultant like I am, you tend to interact with a lot of stressed-out IT folks. The first conversation usually begins something like this:

Client: “We’re being asked to comply with the PCI DSS and have no idea where to start.”

Client: “We need a PCI QSA assessment. How quickly can you come?”

Client: “I thought we were compliant, but I’m being told we aren’t. What do I do?”

PCI compliance challenges can make you want to tear your hair out, but I’m here to tell you that they don’t have to. Read on to learn how to get control over PCI compliance within your security operations program.

You’re not alone.

The first step to getting a handle on your PCI compliance challenges is to understand that you’re not alone. A recent ControlScan study found that 22% of IT leaders count their inability to meet compliance requirements as one of their top security operations concerns.

PCI compliance is a process all card-accepting businesses have to follow. You will positively shape your own destiny by viewing your organization’s compliance as one part of running a successful business.

Build from where you are.

For many businesses, the “overwhelming” part of PCI compliance comes from not knowing where to begin. The good news is that you don’t need an advanced security operations program to get PCI compliance right; you simply need a sober understanding of your current status.

How do you know where your current operations stand with regard to the PCI DSS? Get a PCI Gap Analysis! No client I’ve worked with has regretted having this analysis conducted, because it saves a lot of headaches and money down the road.

Tackle your PCI compliance challenges.

Knowing you’re not alone and building from where you are are two of the most effective ways to tackle your PCI compliance challenges. Software company Church Community Builder is an excellent example of both approaches. Check out their success story for additional insight into achieving and maintaining PCI compliance without all the drama.

Have some specific challenges you’re looking to tackle? We’re here to help! Click here to contact us.