Key Aspects for PCI DSS Continuous Compliance While Working From Home!


ControlCase follows three main principles for Continuous Compliance Management – People, Technology and Processes. Below are the key aspects your organization should consider to maintain continuous compliance while working remotely.

PEOPLE
– Assessments only keep their value when done remotely if the organization adopts a partnership approach with its assessors and treats continuous compliance as a cultural shift rather than an annual event.
– Assessors should keep the structure of an onsite audit, but use video calling and screen sharing to walk through evidence and conduct interviews as part of the assessment.
– Management must review user access privileges for remote staff, including whether reports containing sensitive data can be printed on home computers.

TECHNOLOGY
– Organizations should engage with vendors who have the infrastructure and expertise to perform remote testing (vulnerability assessment, penetration testing, application security testing) so that continuous compliance monitoring requirements can still be met.
– Sensitive data should be reachable only over encrypted channels such as a VPN, protected by multi-factor authentication; PCI DSS requires MFA for all remote network access originating outside the entity's network that can reach the cardholder data environment.
– Implement additional controls so that sensitive data cannot be copied to or transmitted from local systems, for example by disabling clipboard, drive and USB redirection in remote sessions and applying data loss prevention to endpoints and email.
– Organizations hosting their environments in the cloud should consider working with vendors whose tools connect directly to the cloud infrastructure and collect evidence automatically. This limits interview time to the questions and gaps that genuinely need discussion.
– Organizations should implement a hardened endpoint and access-control architecture for remote end users (managed devices, endpoint protection, least-privilege access).

PROCESSES
– Controls specific to remote management and remote access need to be assessed with additional sampling and checks; this protects the integrity and confidentiality of sensitive data (e.g. card data) that employees working from home can reach.
– Review the risk assessment process and conduct a risk assessment that explicitly covers remote employees.
– Automated evidence collection tools and scripts should be provided to customers during assessments so that evidence can be collected remotely. A centralized evidence collection dashboard helps ensure all remote evidence is collected and stored properly.
– It is crucial to keep other security business-as-usual activities running remotely, such as internal/external scans and tests, firewall reviews, card data discovery, SIEM and log monitoring, and periodic user access reviews.
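Card data discovery is the one business-as-usual activity above that is easy to misrun from home: a naive digit-matcher floods analysts with false positives, and a script that writes the full PANs it finds into a report quietly creates a new store of cardholder data. The following is an added illustration, not ControlCase's tooling or any code from this post. It scans constructed sample lines (the card numbers are the well-known test numbers, not real accounts), keeps only Luhn-valid candidates with a recognised issuer prefix, and reports each hit truncated to first six / last four digits, which is the most PCI DSS allows a report to display. The issuer prefix table is deliberately limited to four brands and is an assumption for the example.

```python
"""Constructed example: a minimal card-data discovery pass over text lines.

Only Luhn-valid candidates with a recognised issuer prefix are reported, and
the finding never carries the full PAN, so the discovery report does not
itself become cardholder data.
"""
import re
from typing import List, Optional

# 13-19 digits, optionally separated by single spaces or dashes, and not
# embedded inside a longer run of digits (timestamps, hashes, order ids).
PAN_CANDIDATE = re.compile(r"(?<![0-9])(?:[0-9][ -]?){12,18}[0-9](?![0-9])")


def luhn_valid(digits: str) -> bool:
    """Mod-10 check used by all major card brands; filters most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def brand(digits: str) -> Optional[str]:
    """Issuer prefix/length check for four common brands (assumed table for the example)."""
    n = len(digits)
    if digits[0] == "4" and n in (13, 16, 19):
        return "Visa"
    if n == 16 and (51 <= int(digits[:2]) <= 55 or 2221 <= int(digits[:4]) <= 2720):
        return "Mastercard"
    if n == 15 and digits[:2] in ("34", "37"):
        return "American Express"
    if n == 16 and (digits.startswith("6011") or digits.startswith("65")
                    or 644 <= int(digits[:3]) <= 649):
        return "Discover"
    return None


def mask(digits: str) -> str:
    """Truncate for reporting: at most the first six and last four digits survive."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(lines: List[str]) -> List[dict]:
    """Return one finding per Luhn-valid, brand-recognised PAN; full PAN never stored."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for m in PAN_CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())   # normalise separators
            if not luhn_valid(digits):
                continue
            b = brand(digits)
            if b is None:
                continue
            findings.append({"line": lineno, "brand": b, "masked": mask(digits)})
    return findings


# Constructed sample input: test card numbers plus look-alike digit runs.
SAMPLE_LINES = [
    "2024-03-02 09:14 support-chat: customer gave card 4111 1111 1111 1111 exp 09/26",
    "order=8812345 ref=1234567890123456 status=ok",      # 16 digits, fails Luhn
    "export.csv: 5555555555554444,John Doe,active",
    "amex on file: 378282246310005",
    "callback number 555-123-4567",                      # too short to be a PAN
    "txn id 20240302091400123",                          # 17 digits, no brand match
]

if __name__ == "__main__":
    for f in find_pans(SAMPLE_LINES):
        print(f"line {f['line']}: {f['brand']} {f['masked']}")
```

Run against real file shares or mailbox exports, the same shape holds: scan, validate, truncate, and ship only the truncated finding plus its location to the central evidence dashboard. If the assessor needs to verify a hit, they look at the source location over screen share rather than receiving the PAN.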


Email Kimberly Simon at ksimon@controlcase.com to schedule a demo of our methodology for PCI DSS compliance in the remote working environment.


About Us

ControlCase is a global provider of technology-driven compliance and security solutions. ControlCase is committed to partnering with clients to develop strategic information security and compliance programs that are simplified, cost effective and comprehensive in both on-premise and cloud environments.

ControlCase provides the best experts, customer experience and technology for regulations including PCI DSS, GDPR, SOC2, HIPAA, ISO 27001/2, CCPA, SWIFT, Microsoft SSPA, CSA STAR, SCA, PA DSS, PCI P2PE, PCI PIN, PCI 3DS, PCI Secure Software, PCI Secure SLC.

https://www.controlcase.com


© ControlCase LLC 2023