Abstract
A method and system for guiding end-users with respect to payment card data security standards. The system uses guidance questions that are worded simply and intelligibly so that end-users, regardless of their technical background or expertise, can understand the underlying issues and provide the proper answer. The guidance questions are derived from the PCI DSS SAQ and related guidance documents, so that the process yields a list of positive, negative or non-applicable SAQ answers. For each negative answer the system generates an action item with the applicable policy statements, so that, once the action items are resolved, a completed questionnaire with all positive answers can be generated and sent to the authoritative entity. The system also generates vulnerability level reports based on the end-user's answers to assist the end-user and the host in assessing PCI DSS compliance readiness. The host can process the generated information, for example, to do risk analysis or risk management.
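The workflow the abstract describes (plain-language question, mapped SAQ answer, action item with policy text, vulnerability level) can be modelled in a few dozen lines. The following is an added illustrative example written for this page, not the patent's implementation or any official PCI SSC material: the question wording, the `REQ-A` to `REQ-D` requirement identifiers, the weights and the level thresholds are all constructed placeholders, and the `yes_means_fail` and `na_unless_yes` fields are assumptions about how a simply worded question can map onto an inverted or conditionally applicable SAQ requirement.

```python
"""Toy model of a guidance-question workflow for SAQ-style self-assessment.

Constructed example: requirement ids (REQ-A..REQ-D), question texts, weights
and level thresholds are illustrative placeholders, not real PCI DSS content.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

YES, NO, NA = "yes", "no", "n/a"   # the three SAQ answer values


@dataclass
class GuidanceQuestion:
    qid: str                              # internal question id
    plain_text: str                       # wording aimed at a non-technical end-user
    saq_ref: Optional[str] = None         # placeholder SAQ requirement id; None = scoping question only
    yes_means_fail: bool = False          # an end-user "yes" indicates the requirement is NOT met
    na_unless_yes: Optional[str] = None   # requirement is N/A unless this other question was answered "yes"
    weight: int = 1                       # contribution of a negative answer to the vulnerability score
    policy_statement: str = ""            # policy text attached to the generated action item


@dataclass
class ActionItem:
    saq_ref: str
    question: str
    policy_statement: str


@dataclass
class Assessment:
    saq_answers: Dict[str, str]
    action_items: List[ActionItem]
    score: int
    vulnerability_level: str


# Constructed question bank; ids and wording are illustrative only.
QUESTIONS: List[GuidanceQuestion] = [
    GuidanceQuestion("wifi_used", "Do you use Wi-Fi for anything connected to taking card payments?"),
    GuidanceQuestion("pan_stored",
                     "Do you keep full card numbers anywhere, such as spreadsheets, paper forms or e-mail?",
                     saq_ref="REQ-A", yes_means_fail=True, weight=3,
                     policy_statement="Full card numbers must not be stored after a sale is authorised."),
    GuidanceQuestion("pan_masked",
                     "Do receipts and screens show at most the last four digits of the card number?",
                     saq_ref="REQ-B", weight=2,
                     policy_statement="Card numbers must be masked wherever they are displayed."),
    GuidanceQuestion("unique_logins",
                     "Does every person who handles payments have their own login (no shared accounts)?",
                     saq_ref="REQ-C", weight=2,
                     policy_statement="Each user of a payment system must have an individual account."),
    GuidanceQuestion("wifi_default_pw",
                     "Has the Wi-Fi router's factory password been changed?",
                     saq_ref="REQ-D", na_unless_yes="wifi_used", weight=2,
                     policy_statement="Default passwords on network equipment must be changed before use."),
]


def vulnerability_level(score: int) -> str:
    """Map the weighted count of negative answers to a coarse level (thresholds are illustrative)."""
    if score == 0:
        return "low"
    if score <= 3:
        return "medium"
    return "high"


def evaluate(end_user_answers: Dict[str, bool]) -> Assessment:
    """Translate plain-language yes/no answers into SAQ answers, action items and a vulnerability level."""
    saq_answers: Dict[str, str] = {}
    action_items: List[ActionItem] = []
    score = 0
    for q in QUESTIONS:
        if q.saq_ref is None:
            continue  # scoping question: only influences N/A decisions
        if q.na_unless_yes is not None and not end_user_answers.get(q.na_unless_yes, False):
            saq_answers[q.saq_ref] = NA
            continue
        if q.qid not in end_user_answers:
            raise KeyError(f"missing answer for question {q.qid!r}")
        # An inverted question ("do you do X risky thing?") is met when the answer is "no".
        requirement_met = end_user_answers[q.qid] != q.yes_means_fail
        saq_answers[q.saq_ref] = YES if requirement_met else NO
        if not requirement_met:
            score += q.weight
            action_items.append(ActionItem(q.saq_ref, q.plain_text, q.policy_statement))
    return Assessment(saq_answers, action_items, score, vulnerability_level(score))


def ready_to_submit(assessment: Assessment) -> bool:
    """The questionnaire may go to the authoritative entity only when no SAQ answer is negative."""
    return NO not in assessment.saq_answers.values()


# Constructed end-user answers for a small merchant with no Wi-Fi involved in payments.
SAMPLE_ANSWERS = {
    "wifi_used": False,
    "pan_stored": True,      # risky practice, so REQ-A becomes a negative answer
    "pan_masked": True,
    "unique_logins": False,  # shared till login, so REQ-C becomes a negative answer
    "wifi_default_pw": True,
}

if __name__ == "__main__":
    result = evaluate(SAMPLE_ANSWERS)
    print(result.saq_answers)
    for item in result.action_items:
        print(f"[{item.saq_ref}] {item.policy_statement}")
    print("vulnerability level:", result.vulnerability_level, "| ready to submit:", ready_to_submit(result))
```

Running the sample yields two negative answers (REQ-A and REQ-C), an N/A for the Wi-Fi requirement because the scoping question was answered "no", and a "high" level; re-running `evaluate` after the two action items are resolved returns only positive and N/A answers, which is the state in which `ready_to_submit` allows the questionnaire to go out.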