New integration with the latest PCI DSS requirements helps streamline QSAs’ assessment activities
— Adam Goslin, TCT Founder
ROCHESTER, MI, UNITED STATES, September 12, 2023/EINPresswire.com/ — In response to the latest additions to PCI DSS 4.0 requirements, Total Compliance Tracking (TCT) has announced enhanced functionality to streamline the compliance assessment process. TCT’s compliance management portal automatically generates PCI’s new Items Noted for Improvement (INFI) worksheet. This integration aims to alleviate the additional workload on Assessors that comes with the INFI worksheet.
The introduction of PCI DSS 4.0 in December 2022 included a significant change by removing the “In Place with Remediation” assessment option. This shift means that organizations must explicitly document any corrective actions that are taken during the assessment. The INFI worksheet was announced in June 2023 to record these corrective actions. The worksheet keeps organizations accountable by providing an audit trail that can be reviewed year by year to observe historical patterns of failure.
While the INFI worksheet provides greater transparency and insights to an organization’s security stance, it also adds to Qualified Security Assessors’ (QSAs’) workloads. The worksheet requires detailed documentation, including the identification of the issue, reasons for initial failure, corrective actions taken, and future preventive measures. For most QSAs, the new changes are an onerous and interruptive addition that lengthens the assessment process.
FACILITATING SEAMLESS WORKFLOW AND COMPLIANCE MANAGEMENT
TCT Portal’s INFI integration automatically generates the INFI worksheet at the end of an engagement, with just a click of a button. This adaptation facilitates a smoother, more streamlined workflow for Assessors, allowing them to concentrate on the assessment with minimal disruption to their workflow.
TCT Portal facilitates smooth entry for INFI related data, letting users manage all compliance documents within a singular, integrated platform. There’s no need to switch between applications or documents, and everything is at the Assessor’s fingertips. This not only saves time but substantially reduces the scope for error, enhancing the overall efficiency and accuracy of the compliance management process.
TCT Potal’s INFI integration was released just two months after PCI’s release of the INFI worksheet. Goslin stated that the quick response showcases TCT’s dedication to staying ahead of industry trends and adapting quickly to new requirements. “This represents another example of seeing our clients’ needs and moving quickly to reduce their time and effort,” Goslin said. “Any way we can optimize the user experience and streamline their work, we’ll jump at it.”
SEE TCT’S INTEGRATION AT THE PCI DSS COMMUNITY MEETINGS
TCT is participating in the upcoming PCI SSC Community Meetings in Portland and Dublin, and the team is eager to showcase how TCT Portal supports compliance professionals at every level. TCT is proud to have been selected to perform a demonstration of the TCT Portal as part of the PCI technical demonstrations at both of these events to showcase how to streamline complex compliance engagement management.
“The integration of INFI functionality continues TCT’s commitment to creating solutions that not only meet the industry standards but also ease the path of compliance for our clients,” Goslin said. “It was important to us to support the needs of our clients who are working in the PCI space. We didn’t want TCT Portal to merely point users to the PCI website or simply attach a Word document and wish them luck. We wanted to help our customers manage their compliance data effectively, and systematically. Automated document generation was a critical element of that client commitment.”
PCI DSS 4.0 is the security standard developed by the PCI Security Standards Council (PCI SSC), a global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments worldwide.
ABOUT TOTAL COMPLIANCE TRACKING
Total Compliance Tracking (TCT) is dedicated to making compliance management suck less. Since 2013, TCT has served the security and compliance community by providing both a SaaS-based compliance management platform called TCT Portal and hands-on consulting.
TCT Portal is an end-to-end software solution that automates all the heavy lifting of a compliance engagement. It was built by security and compliance people, for security and compliance people — incorporating decades of in-depth, hands-on compliance management expertise. The platform organizes every aspect of compliance engagements and typically cuts manual labor in half. TCT Portal serves any company subject to compliance, those serving those dealing with compliance challenges and Assessment Firms.
The TCT consulting team has multiple decades of combined hands-on experience in every facet of security and compliance management. TCT’s compliance consulting provides confidence and peace of mind in the midst of an overwhelming compliance engagement. The consultants have been in the trenches and know what it’s like to try to manage security and compliance efforts while under-resourced or under-experienced.
TCT can provide consulting services and software packages (via TCT Portal) for virtually any compliance regulation, including PCI-DSS, SOC 2, HIPAA, ISO, and dozens of other standards.