Technological solutions can help with compliance, Mack says. PCI requires some organizations to conduct quarterly vulnerability scans, for example. But some solutions can allow organizations to conduct scans monthly, weekly, and even more frequently. Integration can involve conducting compliance efforts in “smaller batches throughout the year versus huge batches when it comes as a surprise to you.”
Even organizations already in compliance with the existing guidance cannot rest on their laurels. Starting January 1, organizations will need to follow a new second version of PCI DSS. Most of the changes are in areas such as documentation, says Mack.