A free management application that allows businesses to measure, monitor and report on their compliance with PCI-DSS v2.0 payment card data security standards has been launched by governance, risk and compliance (GRC) specialist Acuity. Available for download from the Acuity website, the compliance software monitors progress against the six milestones in the PCI-DSS Prioritized Approach and will identify, assess, manage and report on risks to cardholder data. It will also track residual risk status in relation to performance of PCI controls and key metrics and provide visibility of information for auditors.
The Acuity PCI DSS tool reduces the time it takes to gather, collate and report on compliance, while also improving governance and reducing the cost of external audits and due diligence by always having up-to-date status information. By mitigating the risk of incidents resulting from non-compliance, companies will also save costs associated with crisis responses, direct losses and reputational damage.
“As PCI requirements impact any business handling payment card information, there is critical need for a practical risk-based approach to PCI compliance based on easy-to-use, accessible tools that identify, log and report incidents or near misses and use this information to continually improve PCI compliance management processes,” said Simon Marvell, partner at Acuity Risk Management.
The free, single-user license of the PCI compliance tool is configured with detailed PCI DSS requirements and security assessment procedures. Used with a free version of Acuity’s STREAM Integrated Risk Manager software, it can be used to fully automate PCI compliance management functions, recording and maintaining the current status against PCI DSS and using sophisticated management reporting to view current and historical status with trend analysis. STREAM can be implemented as an Enterprise GRC solution for specific management systems, such as information risk, IT governance and business continuity.