Regulatory expertise quickly facilitates PCI and SOX compliance
Snapshot
Kalles Group stepped in to help a global fashion retailer assess PCI and SOX compliance scope and challenges, and to make recommendations to quickly bring the company into compliance.
Challenge
Reliant on the ability to accept credit cards in a cost-effective manner, our client, a global fashion retailer, found itself noncompliant with PCI (Payment Card Industry) requirements. The consequences of PCI non-compliance range from higher rates from the issuing banks to banks refusing to allow the organization to accept payment cards at all.
The company is also subject to the Sarbanes-Oxley Act of 2002 (SOX), a financial compliance regulation governing publicly traded companies. SOX imposes strict standards on accountants, auditors, and corporate officers for financial reporting and financial record-keeping. Violations of the Act carry criminal penalties that can include prison terms.
Needing advice on how to quickly bring the company into compliance with these two major regulations, the client reached out to Kalles Group for help in scoping the compliance effort and making recommendations for streamlining and automating the process.
Approach
Kalles Group got to work assessing the current situation and identifying next steps, including the following:
- Identifying key compliance areas
- Identifying the highest risks present in the current environment
- Prioritizing the highest risks and those that can be quickly remediated
- Providing step-by-step implementation tasks to achieve compliance
Results
Kalles Group created a phased roadmap for the client to follow in order to achieve full PCI and SOX compliance in the following areas:
- User Management
- Vulnerability Management
- Incident Management
- Security & Compliance Management
- Risk-Focused Security & Compliance Management
- Leveraging existing investments
- Operationalizing PCI compliance
Detailed background, impact, and considerations for each recommendation were provided as part of the client deliverable package. Kalles Group positioned our client to implement the recommendations and quickly become PCI and SOX compliant.