|
For Immediate Release
Contact:
Craig Isaacs
New PCI SAQ v1.1 Standards Harmonized into the UCF
UNIFIED COMPLIANCE SIMPLIFIES REGULATORY COMPLIANCE FOR CREDIT CARD MERCHANTS, VENDORS, AND AUDITORS OAKLAND, CA -- February 6, 2008 -Unified Compliance, the leader in IT regulatory compliance management, today announced the harmonization of the Payment Card Industry (PCI) Security Standards Council "Self Assessment Questionnaire" (SAQ) version 1.1 into the Unified Compliance Framework (UCF). The PCI Security Standards Council has outlined compliance requirements for organizations processing credit card transactions with the PCI Data Security Standard (PCI DSS). The UCF is the first to integrate PCI DSS and SAQ version 1.1 into a master compliance framework to focus on the commonalities in regulations, standards and guidelines to simplify the entire compliance process. The primary goal of the Unified Compliance Framework (UCF) is to help organizations harmonize compliance efforts across multiple authority documents. "Compliance requirements can overwhelm organizations," stated Dorian Cougias, co-founder of Unified Compliance. "We worked tirelessly to ensure the availability of SAQ 1.1 within the UCF upon announcement and release by the PCI Security Standards Council so our customers and field auditors could quickly and easily make the required adjustments." PCI DSS is a consolidation of five original programs from individual credit card companies that set out to protect customers with data security standards for merchants storing, processing and transmitting cardholder information. According to recent statistics, merchant compliance with PCI DSS has improved since 2006. However, a large percentage of merchants are still not compliant, particularly midsize and smaller merchants. This may be due in part to numerous unanswered questions about the PCI DSS requirements and confusion surrounding the implications of outsourcing arrangements on the scope of PCI compliance efforts and how to adequately segment networks to reduce the scope of compliance activities. For companies processing, storing, or transmitting payment card data, non-compliance means losing their ability to process credit card payments, being audited, and/or receiving fines. The UCF simplifies compliance and standards through a harmonized set of controls within which all regulatory standards and best practices can be mapped. Currently, more than 400 individual international regulations, standards, and best practices have been mapped to the UCF, including Sarbanes-Oxley, HIPAA, PCI-DSS, Visa CISP, Amex DSS, MasterCard EC Architecture Best Practices, Basel II, Gramm-Leach-Bliley, FERC, ISO 15489, and CobiT. The harmonized PCI SAQ controls are now available to all PCI Qualified Security Assessors (QSAs). Current UCF subscribers will automatically receive the PCI SAQ controls with the next UCF update. About the UCF The Unified Compliance Framework is the first independent initiative to exclusively support IT compliance management by focusing on commonalities across regulations, standards-based development, and simplified architectures. Unified Compliance's strategic approach to IT compliance reduces cost, limits liability, and leverages the value of compliance-related technologies and services across the enterprise. The UCF was created by Dorian Cougias and his research partner, Marcelo Halpern of the international law firm Latham and Watkins, which oversees all legal aspects of the UCF. More information can be found at www.unifiedcompliance.com. # # # |
PCI SAQ v1.1 Standards Harmonized into the UCF