Seeking Compliance Nirvana: Don’t let SOX and PCI get the better of you

Compliance. The mere mention of it brings to mind a harrowing list of questions and concerns. For example, who is complying and with what? With so many standards, laws, angles, intersections, overlaps, and consequences, who ultimately gets to determine if you are compliant or not? How do you determine what is in scope and what is not? And why do you instantly think of an audit when you hear the word compliance? To see the tangled hairball that is compliance, just take a look at my company. It is on the hook for SOX, as we are a publicly traded company; for a number of banks for the PCI DSS, also known as Visa CISP; for HIPAA; for CA 1786; and for the European Union, its member countries, Japan, Korea, and a handful of other countries’ privacy and data security laws.