Any business that uses or processes credit card information must be sure that its systems comply with the Payment Card Industry Data Security Standard (PCI DSS). This includes virtually all companies that take credit cards as a form of payment. When these companies begin to use IT solutions such as virtualization and cloud computing, remaining compliant with PCI DSS can become a much larger challenge.
Fortunately, there are steps that managed programs staff can take to help meet this challenge. Keeping the computing environment in compliance over the long term is simpler if your managed programs personnel implement helpful control measures from the start.
One powerful strategy in this regard is to assign a fixed timeframe for the life of a virtual machine. VMs that workers create as their needs arise may otherwise persist long after their useful lives. This wastes resources, and it is also a risk area for PCI DSS compliance, since machines created for a short-term purpose will not have the necessary compliance steps in place.
Managed programs staff can designate a ‘shelf life’ for these kinds of VMs, automatically killing them after a certain span of time. VMs intended to be permanent fixtures, in contrast, can be included on the official inventory of VMs operating in the system. These virtual machines can be monitored to be sure that appropriate PCI DSS compliance procedures are in place.
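The shelf-life rule described above can be expressed as a small decision function. This is an added example, not code from the original article; the VM names, the 14-day shelf life and the optional `expires` tag are assumptions, and the data is constructed. It only builds the plan and leaves the actual termination call to whatever virtualization platform is in use.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

SHELF_LIFE = timedelta(days=14)  # assumed maximum life for a non-inventoried VM

@dataclass
class VM:
    name: str
    created: datetime
    expires: Optional[datetime] = None  # optional per-VM expiry tag (assumed)

def classify(vm, inventory, now):
    """Return 'monitor', 'keep' or 'terminate' for one running VM."""
    if vm.name in inventory:
        return "monitor"  # permanent VM: verify PCI DSS controls instead of reaping
    cap = vm.created + SHELF_LIFE
    # An expiry tag may shorten the life of a VM but never extend it past the cap.
    deadline = min(vm.expires, cap) if vm.expires else cap
    return "terminate" if now >= deadline else "keep"

def plan(vms, inventory, now):
    """Group running VMs by action and report inventory entries with no VM."""
    result = {"monitor": [], "keep": [], "terminate": [], "missing": []}
    for vm in vms:
        result[classify(vm, inventory, now)].append(vm.name)
    running = {vm.name for vm in vms}
    result["missing"] = [n for n in inventory if n not in running]
    return {action: sorted(names) for action, names in result.items()}

def day(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample data.
NOW = day(2024, 6, 15)
INVENTORY = {"pay-gw-01", "card-db-01", "hsm-proxy-01"}
VMS = [
    VM("pay-gw-01", day(2023, 1, 10)),
    VM("card-db-01", day(2023, 1, 10)),
    VM("dev-test-7", day(2024, 6, 10)),                       # 5 days old
    VM("load-test-3", day(2024, 5, 1)),                       # past shelf life
    VM("demo-box", day(2024, 5, 20), expires=day(2025, 1, 1)),  # tag beyond cap
    VM("poc-1", day(2024, 6, 12), expires=day(2024, 6, 13)),    # short-lived tag
]

if __name__ == "__main__":
    for action, names in plan(VMS, INVENTORY, NOW).items():
        print(f"{action}: {names}")
```

The `missing` list catches the opposite drift: an inventory entry with no running VM, which means the official inventory itself is stale.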