Compliance Solutions

How IS Decisions can help you address PCI DSS compliance to keep sensitive cardholder data safe

Organisations worldwide are regulated by the Payment Card Industry Data Security Standard (PCI DSS).

PCI DSS applies to all businesses that handle payment card data and follows common sense steps that mirror best security practices.

As with other financial services compliance regimes (SOX, GLBA and the FCA), PCI DSS has separate requirements relating to access security; if you fail to adhere to them, you risk both non-compliance and cyber attack.

This is why we have compiled a helpful checklist of ways in which UserLock and FileAudit can help you address both users' network access security and file access security. The list is by no means exhaustive, but it will help you on your way to becoming PCI DSS compliant and keeping sensitive cardholder data safe.

Become PCI DSS compliant with IS Decisions solutions


How UserLock and FileAudit can help your organisation become PCI DSS compliant

PCI DSS Requirement 7: Restrict access to cardholder data by business need to know

« To ensure critical data can only be accessed by authorized personnel, systems and processes must be in place to limit access based on need-to-know and according to job responsibilities. Need to know is when access rights are granted to only the least amount of data and privileges needed to perform a job. »


Do you restrict network access on a job-role basis?

Enables the administrator to set granular access rights to different types of employees to ensure that they can only access the information they need to do their job.


Do you review network access for employees who change roles in the organisation?

Enables administrators to easily change access rights (permanently or temporarily) for individual users, groups of users, or organisational units.


Do workstations automatically log users off the network following a period of inactivity?

Automatically logs off a session after a specific length of idle time to prevent unauthorised users accessing sensitive information from unattended workstations. What's more, UserLock can set authorised timeframes for certain users' access and force workstations to log off outside these hours.


PCI DSS Requirement 8: Assign a unique ID to each person with computer access

« Assigning a unique identification (ID) to each person with access ensures that actions taken on critical data and systems are performed by, and can be traced to, known and authorized users. »


Do your employees need to log in to access your network and do they do so with unique login credentials?

Ensures that nobody can log in to the system without uniquely identifiable credentials.


Do you restrict users from sharing logins?

Prevents concurrent logins with the same set of user credentials — helping to eradicate dangerous password sharing practices and stop unauthorized access.


Can you attribute actions on the network to individual users?

Helps administrators verify all users’ identity at any time, making users accountable for any activity — malicious or otherwise.


Do you enforce the secure use of passwords?

Strengthens unique network login credentials with context-aware access restrictions and user reminders, which help verify that a person seeking access to the network and the information within is genuinely who they say they are.


PCI DSS Requirement 10: Track and monitor all access to network resources and cardholder data



Do you monitor access to the network?

Monitors all logon and logoff activity in real time to ensure that the only people who can access the network, and the vital data within it, are the people who need to. UserLock alerts administrators to any suspicious, disruptive or unusual logins based on time, location and device.


Do you monitor specific actions on files or folders, like copying, moving and deleting?

Monitors all files and folders in real time on your network and records all actions that users take when making modifications. It verifies that users have not altered or destroyed customer information or other sensitive data in an unauthorised manner.


Do you conduct regular security audits or reports?

Records and audits all network logon events, across all session types, from a central system.

Audits all access and changes to files and folders, and immediately alerts administrators to suspicious behaviour.
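Two of the checks described above (preventing concurrent logins with the same credentials under Requirement 8, and alerting on logins outside authorised hours under Requirement 10) can be illustrated as detection logic run over logon and logoff records. The following is an added example written for this page, not UserLock or FileAudit code; the event records, usernames, workstation names and the per-user authorised windows are all constructed, and the simplified "logon"/"logoff" event shape only loosely mirrors Windows logon auditing.

```python
"""Added example (not IS Decisions code): detection logic over constructed
logon/logoff events, illustrating two checks described on this page:
flagging a second concurrent session under one set of credentials, and
flagging logons outside a user's authorised hours."""
from collections import defaultdict
from datetime import datetime, time

# Constructed sample events: (timestamp, event, user, workstation).
SAMPLE_EVENTS = [
    ("2024-03-04T08:02:00", "logon",  "jdoe",   "WS-101"),
    ("2024-03-04T08:10:00", "logon",  "jdoe",   "WS-207"),  # second concurrent session
    ("2024-03-04T09:00:00", "logoff", "jdoe",   "WS-101"),
    ("2024-03-04T12:30:00", "logoff", "jdoe",   "WS-207"),
    ("2024-03-04T23:15:00", "logon",  "asmith", "WS-310"),  # outside 07:00-19:00
    ("2024-03-05T07:30:00", "logon",  "asmith", "WS-310"),
]

# Constructed authorised timeframes per user: (start, end) in local time.
AUTHORISED_HOURS = {
    "jdoe":   (time(7, 0), time(19, 0)),
    "asmith": (time(7, 0), time(19, 0)),
}


def parse_events(raw):
    """Convert ISO timestamps into datetime objects; keep the other fields."""
    return [(datetime.fromisoformat(ts), ev, user, ws) for ts, ev, user, ws in raw]


def concurrent_logons(events):
    """Return (user, workstation, timestamp) for every logon that starts while
    the same user already holds an open session on a different workstation."""
    active = defaultdict(set)  # user -> workstations with an open session
    findings = []
    for ts, ev, user, ws in sorted(events):
        if ev == "logon":
            if active[user] - {ws}:
                findings.append((user, ws, ts.isoformat()))
            active[user].add(ws)
        elif ev == "logoff":
            active[user].discard(ws)
    return findings


def out_of_hours_logons(events, hours):
    """Return (user, workstation, timestamp) for logons outside the user's
    authorised window; users without a configured window are not checked."""
    findings = []
    for ts, ev, user, ws in events:
        if ev != "logon" or user not in hours:
            continue
        start, end = hours[user]
        if not (start <= ts.time() <= end):
            findings.append((user, ws, ts.isoformat()))
    return findings


def run_checks(raw=SAMPLE_EVENTS, hours=AUTHORISED_HOURS):
    """Run both checks over a raw event list and return the findings."""
    events = parse_events(raw)
    return {
        "concurrent": concurrent_logons(events),
        "out_of_hours": out_of_hours_logons(events, hours),
    }


if __name__ == "__main__":
    for kind, items in run_checks().items():
        for user, ws, ts in items:
            print(f"[{kind}] {user} on {ws} at {ts}")
```

Run as a script, the example reports the second `jdoe` session on `WS-207` as a concurrent logon and the 23:15 `asmith` logon as out of hours. A product enforcing the policy would block the second session at logon time rather than merely report it, but the bookkeeping (tracking open sessions per account and comparing logon time against an authorised window) is the same.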


Find out more for yourself with our free 30-day fully functional trials