Posts by Dan Schroeder
PCI DSS v4.0 Goal 4: Enhance validation methods and procedures
At a glance: The main takeaway: PCI SSC has issued a 360-page supplemental Requirements and Testing Procedures document. This document provides QSAs extensive clarification and guidance to enhance validation methods and procedures for PCI DSS compliance reporting. Impact on your business: The PCI 4.0 Requirements and Testing Procedures document provides detailed guidance and explanations of…
The 4 Goals of PCI DSS v4.0
At a glance: The main takeaway: The PCI Security Standards Council released PCI DSS version 4.0 on March 31, 2022 to replace version 3.2.1. Businesses subject to PCI compliance must understand the significant changes in PCI 4.0 as they plan their transition from PCI DSS v3.2.1 to v4.0. This video is the first in a…
PCI DSS v4.0 Goal 2: Promoting security as a continuous process
At a glance: The main takeaway: Historically, PCI has been viewed as a point-in-time compliance standard, which explains why many entities have not established capabilities to treat PCI security as a continuous 24×365 process. PCI 4.0 establishes new requirements across the data security standard for security to be managed as a continuous process. Impact…
PCI DSS v4.0 Goal 3: Increasing flexibility of methods to achieve security objectives
At a glance: The main takeaway: PCI 4.0 provides two validation options for compliance with the DSS. The first is the Defined Approach, which is similar to PCI's historic approach. The second validation option, the Customized Approach, requires entities to conduct a targeted risk analysis and then define and deploy controls against each PCI requirement. Impact on…
PCI DSS v4.0 Goal 1: Continuing to meet the security needs of the payment card industry
At a glance: The main takeaway: Since PCI DSS 3.2.1 was released in February of 2018, many significant advancements have occurred in both the technologies used to enable payments and the nature of security threats facing the industry. These advancements have driven the four overarching goals of version 4.0. This video outlines the first goal…
Information Assurance Services for Healthcare IT Companies
HIPAA's Security Rule requires healthcare IT companies to maintain reasonable and appropriate administrative, technical, and physical safeguards for identifying and protecting e-PHI against reasonably anticipated threats to its security and integrity and against unauthorized disclosure of the information. Today's most publicized cybersecurity threats include:
Phishing attacks
Social engineering
Ransomware
Remote worker endpoint security
DDoS attacks
Poor software patch…
Learn How to Adopt a Stress-Free PCI Compliance Process
At a glance: The main takeaway: For many payment facilitators, the PCI compliance process is notoriously stressful and often inefficient, leading to constant fire drills that disrupt business operations. Impact on your business: By viewing PCI compliance as an iterative process and adopting a more methodical approach, you can eliminate unnecessary headaches and better protect…
Costs and Consequences of a Healthcare Data Breach
Hackers have proven that there is no boundary they will not cross. They will even hold hostage data that impacts human life. "If your data can be monetized, be assured that it is a target," shares Aprio's Dan Schroeder in a recent data security and compliance webinar. In this 3½-minute clip, he…
Rightsizing HIPAA Compliance for Business Stage
HIPAA, SOC 2, HITRUST… If you work with healthcare entities you need compliance, but what is the appropriate level? Watch this 3½-minute video clip as our HIPAA Assurance Lead, Dan Schroeder, breaks down four options:
HIPAA Compliance Attestation
SOC 2
HITRUST
SOC 2 + HITRUST Report
Healthcare IT and HIPAA Compliance: Choosing the Right Level of Information Risk Management
Compliance with HIPAA and the growing list of privacy and security standards is essential to the growth of Healthcare IT companies. You know that you need to make HIPAA compliance and information risk management a high priority, but how do you choose the right level of risk management and compliance for your company? Determining the…