Regulatory expertise quickly facilitates PCI and SOX compliance


Kalles Group stepped in to help a global fashion retailer assess PCI and SOX compliance scope and challenges, and to make recommendations to quickly bring the company into compliance. 

The Challenge

Reliant on the ability to accept credit cards in a cost-effective manner, our client, a global fashion retailer, found itself noncompliant with PCI (Payment Card Industry) requirements. The consequences of PCI non-compliance range from higher rates from the issuing banks to banks refusing to allow the organization to accept payment cards at all.

The company is also subject to the Sarbanes-Oxley Act of 2002 (SOX), a financial compliance regulation governing publicly traded companies. SOX imposes strict standards on accountants, auditors and corporate officers for financial reporting and financial record-keeping. Violations of the Act carry criminal penalties that can include prison terms.

Needing advice on how to quickly bring the company into compliance for these two major regulations, the client reached out to Kalles Group for help in scoping the compliance and making recommendations for streamlining and automating the process. 

Our Approach

Kalles Group got to work assessing the current situation and identifying next steps, including the following: 

  • Identifying key compliance areas 
  • Identifying the highest risks present in the current environment 
  • Prioritizing highest risks and those that can be quickly remediated 
  • Providing step-by-step implementation tasks to achieve compliance 

Every year, companies are thrown into fire drills at audit time, derailing projects and other important tasks. This disruption can be alleviated by a clear understanding of in-scope business elements and implementation of continuous processes that support compliance throughout the year.

The Results

Kalles Group created a phased roadmap for the client to follow in order to achieve full PCI and SOX compliance in the following areas:  

  • User Management 
  • Vulnerability Management 
  • Incident Management 
  • Security & Compliance Management  
  • Risk-Focused Security & Compliance Management 
  • Leveraging existing investments 
  • Operationalizing PCI compliance  

Detailed background, impact and considerations for each recommendation were provided as part of the client deliverable package. Kalles Group positioned our client to implement the recommendations and quickly become PCI and SOX compliant.