Security Accreditation Management System (SAMS) is a dedicated platform for achieving and managing compliance:
VigiTrust has developed a dynamic PCI DSS assessment process, based on years of hands-on experience in helping companies become PCI compliant. Organizations may confirm compliance status either by following the format of the PCI DSS 1.2 documentation, if they are familiar with the process, or by answering questions based on the VigiTrust Five Security Pillar™ framework within SAMS. The results are used as the basis for defining and optimizing remediation efforts: the policies & procedures, technical solutions and user awareness controls to implement in order to achieve compliance with PCI DSS.
Based on the data obtained from the on-line interrogation process, SAMS creates a pre-audit report, detailing the corrective action required in order to achieve compliance.
The pre-audit report includes a clear remediation path and details the specific changes necessary to align policies & procedures with PCI DSS requirements. The report also identifies technical changes and solutions to be implemented, and specifies user awareness training for the relevant staff. This is presented as multiple-view project plans available to all relevant PCI DSS team members.
SAMS provides an extensive library of policies and procedures for organizations to use in their compliance process. These policies and procedures have been tried and tested by VigiTrust with companies it has already enabled to become PCI DSS compliant.
SAMS incorporates a secure database for storing all data relevant to the PCI compliance process. The data includes, but is not limited to, credit card processing workflows, tailored policies & procedures, network architecture diagrams, software and hardware asset inventory, and quarterly network scan results.
SAMS incorporates project management features for scheduling remediation and maintenance tasks relevant to the compliance process, such as network scans, inventory updates etc. Users are notified of such tasks in advance and then prompted to complete them at the appropriate time. SAMS will also prompt for any updates to documents held in the secure repository, as required by the standard.
SAMS incorporates a budget management function, which enables organizations to define and manage a budget for the compliance process. The SAMS Budget function covers all costs associated with the compliance process, e.g. man-hours, hardware purchase, software purchase etc. The organization will be alerted if there is overspending in one particular area or within a particular time frame.
With the SAMS dashboard view, users can get up-to-date, detailed views of the progress of the compliance process. The dashboard view shows the status of compliance in relation to each of the 12 PCI requirements and allows users to see progress for Policies & Procedures, Technical Solutions and User Awareness controls. Controls are shown as compliant, non-compliant or work in progress. Each report accessed by authorized users can be exported to PDF and is stored in the SAMS compliance database.
Where a global organization has different PCI DSS compliance projects ongoing in different territories, SAMS provides full visibility of each separate PCI project as well as overall compliance status, through dashboard views and an extensive choice of reports. Using SAMS, organizations can easily monitor and manage several different PCI compliance processes from one location.
SAMS was created to make VigiTrust’s many years of experience in helping companies achieve PCI compliance available through a web-based application. All processes, workflows, policies and procedures have been tried and tested in real-life PCI DSS compliance projects.
SAMS can also be complemented with on-site, telephone and web-based consulting services available from VigiTrust’s security experts to support your organization in its compliance efforts.