Regulatory expertise quickly facilitates PCI and SOX compliance
Kalles Group stepped in to help a global fashion retailer assess PCI and SOX compliance scope and challenges, and to make recommendations to quickly bring the company into compliance.
Reliant on the ability to accept credit cards in a cost-effective manner, our client, a global fashion retailer, found itself non-compliant with PCI DSS (Payment Card Industry Data Security Standard) requirements. The consequences of PCI non-compliance range from higher transaction fees and fines passed on by the card brands through the acquiring bank to the acquirer refusing to let the organization accept payment cards at all.
The company is also subject to the Sarbanes-Oxley Act of 2002 (SOX), a US federal financial-reporting law governing publicly traded companies. SOX imposes strict standards on accountants, auditors and corporate officers for financial reporting and financial record-keeping, including the internal controls over the systems that produce those records. Violations of the Act carry criminal penalties that can include prison terms.
Needing advice on how to quickly bring the company into compliance with these two compliance regimes, the client reached out to Kalles Group for help in scoping the effort and making recommendations for streamlining and automating the process.
Kalles Group got to work assessing the current situation and identifying next steps, including the following:
- Identifying key compliance areas
- Identifying the highest risks present in the current environment
- Prioritizing highest risks and those that can be quickly remediated
- Providing step-by-step implementation tasks to achieve compliance
Every year, companies are thrown into fire drills at audit time, derailing projects and other important tasks. This disruption can be alleviated by a clear understanding of in-scope business elements and implementation of continuous processes that support compliance throughout the year.
Kalles Group created a phased roadmap for the client to follow in order to achieve full PCI and SOX compliance in the following areas:
- User Management
- Vulnerability Management
- Incident Management
- Security & Compliance Management
- Risk-Focused Security & Compliance Management
- Leveraging existing investments
- Operationalizing PCI compliance
Detailed background, impact and considerations for each recommendation were provided as part of the client deliverable package. Kalles Group positioned our client to implement the recommendations and quickly become PCI DSS and SOX compliant.