The Impact of PCI Compliance: Addressing Compliance with a Comprehensive Program

Part 1 of a 2 Part PCI Compliance-based Blog
.
The Network Detective PCI Compliance module allows MSPs to deliver PCI compliance services in a non-intrusive manner, either as a one-time prospecting tool for companies that accommodate credit card transactions, or as part of an ongoing program for such companies. As industry reports show, non-compliance can have a detrimental impact on businesses that conduct such transactions. See the accompanying statistics from the 2017 Payment Security Report.

Part One of our study on PCI Compliance will explain how the specific capabilities of effective assessment tools such as Network Detective address real-world challenges for businesses, and create opportunities for MSPs, such as:

• Comprehensive PCI assessment services: The PCI Compliance module assesses Cardholder Data Environments (CDEs) and performs PCI pre-audit services, generating reports not just on the technical status of the network, but procedural policy reports relative to each office environment as well. These documents provide a broad spectrum of information that allows the MSP to establish an ongoing compliance program, catered to the individual needs of each business.

• Evidence of ongoing PCI compliance: The tool produces the necessary key documents that can be used as proof that a customer is taking steps to adhere to PCI standards. This weighs heavily in the favor of a business in the instance of an audit. Compliance standards require that companies not only take measures to secure PCI data, but that those businesses provide documented proof of such procedures.

• PCI-approved ASV scans: Thanks to an agreement with an ASV-approved vendor partner, MSPs can conduct ASV-certified scans ordered directly from inside the PCI Compliance module’s user interface. This new feature empowers the MSP to conduct such scans without having to contract an approved third party.

PCI remediation opportunities. The module documents and prioritizes issues and PCI-related vulnerabilities that require mediation, which MSPs can then address through managed services. This can serve as a guideline for MSPs on how to proceed with a long-term compliance program, increasing revenue opportunities, and strengthening the MSP’s client relationships. All this while maintaining compliance for the end-client and helping them avoid potentially devastating PCI-related fines.