Governance, Risk and Compliance (GRC) solutions provider Agiliance today announced the launch of Agiliance Continuous Compliance Service™ (CCS) for PCI, a cloud-based solution that manages the entire PCI life cycle.
Priced at $87,500 per year, Agiliance CCS for PCI enables organizations to build a GRC program to satisfy all internal and external stakeholders over time. The company says its solution helps organizations overcome the dilemma of continuous consulting and move to an approach of continuous compliance instead, with an investment payback ranging from two to six months for Level-1 and Level-2 merchants.
The new requirements of PCI 2.0 present a daunting challenge. They require an organization’s existing security policies to include virtualized environments, policy governance, risk remediation and 100 percent asset coverage. The sheer volume of data required to scope, analyze, mitigate, certify and maintain people, assets, data sets and applications renders the traditional approach of continuous consulting in combination with Microsoft Excel spreadsheets ineffective.
Eric Schou from McAfee suggests that automation is key when it comes to compliance. “With the amount of regulations worldwide, there is no possible way you can remain compliant without some kind of automated solution. In fact, there are already more than 400 compliance mandates worldwide, and 50% of companies have to comply with 10 or more regulations annually. Annual PCI audits and quarterly SOX reports tend to cause the most pain these days, but don’t fall into the trap of focusing on an individual regulation or audit. Trying to handle regulations ‘one by one’ is a recipe for disaster,” Schou writes in his recent SecurityWeek column.
According to Verizon’s 2010 PCI report, only 22 percent of businesses achieved compliance at Initial Report of Compliance (IROC). An independent survey conducted by PSC Payment and Security Experts reveals that this number falls to 18 percent within 60 days of certification. Consequently, many organizations will be pressured to improve the way they operate and automate their PCI compliance process.
Agiliance says that with its CCS for PCI solution, organizations can achieve the following benefits:
• Certify 61 percent faster
• Save over 50 percent in costs
• Remove audit fatigue
• Improve reputation
• Achieve real-time monitoring of PCI compliance status
• Provide current documentation, evidence and reports for both internal resources and external consultants (e.g., Qualified Data Security Companies and Qualified Security Assessor)