- Use Cases
- Why Dizzion
PCI compliance is a major concern for any organization that collects, stores or transmits payment card information. The Payment Card Industry Security Standards Council has outlined 12 key requirements — each with multiple controls and subcontrols — that an organization needs to directly address in order to be deemed PCI compliant.
As companies embrace more cloud solutions, meeting and maintaining compliance can become more complicated. But by choosing the right compliant vendor, it could also become easier. This is particuarly important when it comes to virtual desktops. Whether built in-house or outsourced via a desktop as a service (DaaS) provider, the desktop is the single most common way every employee and contractor accesses your (and your customers’) protected information. These new assets from Dizzion will help you understand what to look for with a PCI compliant virtual desktop solution and give you the tools to find the right service that matches your compliance needs.
Many DaaS and outsourced VDI or infrastructure as a serviced (IaaS) providers offer some level of PCI compliance. What you need to be aware of is that compliance may pertain only to the service provider or leave the vast majority of controls as your sole responsibility. Don’t fall for “PCI compliant LITE” solutions. Instead, understand what’s required and the common scenarios that can leave you with more responsibility than anticipated.
Any solution provider that claims to offer a PCI compliant service must be able to provide a responsibilities matrix or RACI (Responsible, Accountable, Consulted, Informed). These documents make it crystal clear who takes responsibility for which PCI controls. Some will be the vendor’s responsibility, some will remain with the client and some will be shared. Understanding how much responsibility you retain is critical to planning your virtual desktop initiative and ongoing compliance requirements.
To help you clearly vet and compare solution providers, this PCI responsibilities checklist outlines all major responsibilities, controls and subcontrols and gives you a way to track where ownership of each lies.