Simplifying PCI Assessments for Infosend
“Infosend has worked with SecurityMetrics since 2014. I’ve been involved for the past six years.”
“Amazing! We’ve been through other types of audits, and it’s difficult to collect evidence because it’s typically done from a nontechnical standpoint. We’ve done SOC audits in the past that were done by accountants who aren’t technical, and we’ve gotten very broad questions. Whereas, dealing with SecurityMetrics, we’ve received specific technical questions that have concrete answers for us to send back.”
“We were aware of it. We read through the 4.0 standard before and talked with our assessor about the changes and the exact differences so that we could try and make sure that we comply with those things that are different. So we had about six months of a heads-up.”
“I mean, it was definitely different, but it wasn’t different in a bad way. Our stress level related to PCI version 4.0 wasn’t bad because we knew that if anything major came up, we could always fall back on our 3.2.1 assessment this year and still be valid. We knew we would comply with the old standard because we had been assessed the previous year.”
“Working with SecurityMetrics has been much less confrontational and more like we are working on a team that wants to make things better. In the past, it’s felt like assessors come in and want a big “gotcha!”’
“Our partnership helps us not only comply with PCI but also make our processes better and more secure. The assessment process is also very smooth. You get clear questions about what’s needed, so you’re able to give specific answers instead of trying to guess what is needed.
Their portal simplifies the process and ensures we are on the same page as the assessment team. The portal makes sure everyone knows where we are in the process, and what’s still needed. It’s also easy to communicate within the platform to get any documentation or sign-off on decisions.”
“Very much so. One of the nice things about the portal is that you have the ability to go back to previous assignments and see back and forth comments. You can see what evidence was provided for past assessments, if there were any mistakes, if we gave the wrong evidence, etc.
It’s nice to know that we have the ability to look back on past assessments. The other portals we have used don’t have that ability.”
“I appreciate that you guys are always there for us to contact if we have questions. As things change and new technologies come out, we can always bounce ideas off of our assessor or other SecurityMetrics professionals for advice. We can ask if new technology can be used and what we should be looking out for so we stay in compliance.”
.svg)
