VigiOne for PCI DSS Merchant Compliance

VigiOne as Merchant Compliance Platform (MCP) for PCI DSS is a Web-based platform created to allow merchants to quickly and simply validate compliance with the PCI DSS (Payment Card Industry Data Security Standard), as required by their acquiring bank and the card service providers’ regulations. It has been created by VigiTrust security and compliance experts, with regular input from PCI DSS QSA partners. The MCP includes a suite of features that simplifies and centralizes the compliance process for any merchant, group of merchants or organization wishing to demonstrate compliance with PCI DSS.

VigiOne is modular and configurable. It is designed to enable organizations to manage compliance with multiple data standards and information security regulations with a single program and platform. This often means that such organizations start using VigiOne to manage compliance with a single security standard and then evolve to add others as appropriate. One common and very successful concept has been to use VigiOne to manage compliance with PCI DSS. In such a case, the features of VigiOne are very specific to PCI DSS.

Using the MCP, the merchant gains access to a number of key features required to validate compliance:

  • eLearning: educate staff as to what PCI DSS is and how to protect cardholder data and confidential information
  • SAQ functionality: The MCP has in-built versions of all SAQs and guides merchants to the SAQ they need to complete by asking them key questions about how they take credit card payments. Merchants can complete the SAQs online and download, print out and/or mail the completed documents.
  • Integrated learning management system (LMS) that links awareness and understanding with policy implementation. Interactive, multilingual eLearning courses with testing and certification. PCI DSS eLearning tailored for multiple user types, payment staff, program managers, technical staff, senior executives, merchants and franchisees (one sample course included; contact VigiTrust for additional courses and licenses).
  • Policy and procedure management tool that allows for the tracking of alignment and standardization of policy and procedures where possible, with local, regional and functional variation where required. The system comes preloaded with some standard PCI DSS policy templates that are relatively easy for merchants to customize for their own use. The MCP enables merchants to download and assign a status to generic security policies (i.e. in place/not in place). All documents are based on VigiTrust templates. Merchants or organizations can upload their own versions of these policies or other relevant policies as required. (This module can be customized for non-standard set-ups; contact VigiTrust for more information.)
  • MCP allows the generation and completion of all of the PCI DSS SAQ Types for merchants and Service Providers:
    • SAQ A, SAQ A-EP, SAQ B, SAQ B-IP, SAQ C-VT, SAQ C, SAQ P2PE, SAQ D for Merchants & SAQ D for Service Providers.
  • Includes a wizard to help organizations determine which SAQs are appropriate for them.
  • Includes a Secure Evidence Library where files containing documentation, reports, images, statistics, vulnerability scans etc. can be stored as evidence and dynamically linked to requirements, controls and tasks. This includes the capability to set up, store and track Compensating Controls as dictated by the regulations.
  • Task assignment and management tool with calendar allowing users to set up one-off and recurring tasks that can be assigned to individual users and business units with priorities and deadlines. These can be used to manage and track compliance and remediation activity but also to ensure that recurring tasks such as training, testing, vulnerability scanning and SAQ completion are scheduled and managed.
  • Full reporting, configured by user type and with dynamic features for customization and drill down. Full data export functionality for more detailed analysis. The reporting feature has in the past been customized at the request of selected clients tracking compliance across thousands of merchants often in diverse industries or spread across many countries, currencies, languages etc.
  • Multi-level dashboards with statistics, trends and charts, again with drill down and export functionality.
  • Multilevel organizational and user management with features such as self-service user management, authentication and single sign-on where required.
