Introducing Automated PCI DSS Compliance
Announcing Drata’s new framework—PCI DSS. If you accept, process, store, or transmit credit card information, PCI compliance is required.
Out of the 1.4 million reports of identity theft in 2020, credit card fraud accounted for 28% of them. And we know that as a business, part of building trust with your customers is proving that you deserve it. Keeping credit card information safe is a vital step.
With that in mind, we’re excited to announce Drata’s fourth framework—Payment Card Industry Data Security Standard (PCI DSS). In less than a year out of stealth, we’re continuing our mission to ensure the future of trust in the cloud by expanding our framework coverage that allows our customers to build trust with their customers and partners.
If you’re ready to start your journey to PCI compliance, read on.
What is PCI DSS Compliance?
PCI DSS is a strict set of standards required by major credit card companies to ensure all companies that accept, process, store, or transmit credit card information maintain a secure environment. The PCI Security Standards Council is responsible for developing and managing PCI DSS standards.
PCI DSS offers merchants and service providers processing less than 4 million transactions annually the option to use self-assessment questionnaires (PCI SAQ) as a validation tool.
Key Features
We’re proud to bring you a solution that will consolidate the number of tools you use to become and remain PCI compliant. Here are just a few key features:
SAQ Readiness
The broad set of controls we have put in place fulfill the requirements for SAQ-D for merchants and service providers. PCI defines these as:
Service provider: a company that provides a service that could have an impact on the security of cardholder data.
Merchant: any entity that accepts payment cards bearing the logos of any of the five members of PCI SSC—American Express, Discover, JCB, MasterCard, or Visa.
With a dedicated support team of compliance experts and former auditors, you’ll have access to a breadth of knowledge to keep you on track with your goals and answer any questions you may have on PCI SAQs.
PCI Controls Management
Drata’s system is a layer of communication between siloed tech stacks and an overwhelming number of PCI compliance controls. Save time by having all the controls and requirements you need to be PCI compliant in one place.
Customization and Integrations
With 50+ integrations that instantly connect to your tech stack, monitoring your controls, endpoints, and vendors becomes seamless. As with all of our frameworks, you’ll also have the ability to assign control owners, create custom controls, send control notification reminders, and more.
Single Dashboard for all Frameworks
Streamline your compliance processes with a single dashboard. Whether you’re looking to reach compliance in one or multiple frameworks, your dashboard gives you full visibility into your company’s security posture at all times.
Knowing where you stand at any given time can help you make needed changes, stay audit-ready, and provide outside parties with real-time evidence.
Prepare for Your Report of Compliance
Every customer at Drata receives a dedicated success manager. Your manager will proactively engage with you to ensure you’re audit-ready. If you’re a current Drata customer, reach out to your success manager to set up PCI on your dashboard.
If you’re ready to see how Drata can automate your road to PCI compliance, book a demo here.
