Blog
Page 31 of 152
What Is a SOC 2 Type 2 Audit?
A System and Organization Controls for Service Organizations 2 (SOC 2) audit assesses how well a service provider’s internal controls and practices safeguard customer data’s privacy and security. Service providers include those providing Software-as-a-Service (SaaS) or cloud computing services, as well as other professional services such as consulting that third-party vendors routinely offer. The common […]
Tags: SOC
November 6, 2023
Do Banks Need to be PCI Compliant?
Banking is one of the most heavily regulated industries, and for good reason. With sensitive customer data and financial transactions, banks are a primary target for cyberattacks. Among the many standards banks must meet, the Payment Card Industry Data Security Standard (PCI DSS) is often overlooked. If your financial […]
Tags: Financial Services, PCI
What Are the PCI Audit Log Retention Requirements?
Generating an audit trail is not just good practice but is also integral to achieving compliance with the Payment Card Industry Data Security Standard (PCI DSS). This standard is what retailers and banks rely on to safeguard consumers’ sensitive credit card information. In particular, when striving for PCI compliance, audit logs, log management, […]
Tags: PCI
What is PCI Compliance Level 2?
The Payment Card Industry Data Security Standard (PCI DSS) Level 2 merchants process between 1 and 6 million Visa, Mastercard, and Discover transactions yearly, 50,000 to 2 million American Express sales, and fewer than 1 million JCB International credit card transactions. Service providers–entities that process credit card payments for merchants and their financial institutions (also […]
Tags: Audit Management, PCI
What is PCI Compliance Level 3?
The Payment Card Industry Data Security Standard’s (PCI DSS) compliance Level 3 applies to mid-size merchants that, generally speaking, process between 20,000 and 1 million credit card transactions per year. As is the case with all the PCI compliance levels, however, the exact number of transactions qualifying a merchant for Level 3 depends mainly on […]
Tags: Audit Management, PCI
ISO Compliance vs. Certification: What’s the Difference?
ISO certification means that a third party has independently validated that an organization conforms to standards established by the International Organization for Standardization (ISO). ISO compliance means that companies adhere to the requirements of ISO standards without the formal certification and recertification processes. To date, the ISO has developed over 22,000 international standards covering multiple […]
Tags: ISO
Who Needs PCI DSS Compliance?
If you are a company that processes debit or credit card payments online or in person, you may have heard of “PCI DSS” or the “PCI SSC.” These terms are related to security controls for sensitive data – specifically, the controls a retailer or payments processor should have to ward off cybersecurity threats and keep […]
Tags: PCI
What Is Segregation of Duties in Auditing?
Safeguarding the integrity of financial systems and protecting against fraud and errors are paramount concerns for any business. One way to address both of those threats is a concept called segregation of duties — a personnel tactic that promotes transparency and accountability throughout these systems. This article explores that concept, unpacking what makes it a […]
Tags: Audit Management, GRC
Should cyber insurance include ransomware protection?
In the modern digital age, the specter of ransomware looms large over businesses, governments, and individuals alike. The pervasive threat has led to a new question about an old (by technology standards, anyway) tool: Should cyber insurance coverage cover ransomware attacks? Cyber insurance has gained prominence in recent years due to the rise in cyber […]
November 3, 2023
PCI Compliance Checklist for Audits
The PCI Security Standards Council (PCI SSC) established PCI DSS as a framework for merchants and service providers to use in securing credit card and cardholder data from a breach. Annual audits to document your compliance with the Payment Card Industry Data Security Standard (PCI DSS), however, can be nerve-wracking and expensive. Preparing for that […]
Tags: Audit Management, PCI
November 1, 2023