Cobit and PCI 1566



  • Hi,
    I am looking for a matrix that make the link between the control Cobit and the control related to PCI (payment Card Industry). Where can I find it?
    thanks,
    Kate



  • There are a lot of products and vendor solutions I noted in a Google search and didn’t see a lot in the way of free items. Some of our members may offer better links.
    Below are partial URLs that you can add a www to and paste into your browser - as direct hyperlinking is discouraged in the forums
    Google Search
    google.com/search?hl=en-and-q=Cobit Payment Card Industry
    BMC - 10 Page PDF - charts COBIT steps
    bmc.com/USA/Communities/attachments/BMC_BPWP_Reg_Compliance.pdf
    Computerworld Article
    computerworld.com/governmenttopics/government/policy/story/0,10801,101792,00.html
    Optimal Security Blog – Good PCI related entries
    Don’t prefix this url with www
    blog.optimalsecurity.com/



  • Hi,
    Interesting question…however, SOX under a CobiT Framework and PCI using the PCI Standards are two separate compliance requirements each with different covered entities.
    For example, PCI may apply to a private company if it meets specified credit card processing or credit card information criteria. SOx, does not apply to private companies.
    If the objective is to identify potential overlap for the purpose of reducing testing, you might find some common linkage between PCI and SOx in the area of IT Data Security and Backup and Recovery. However, I do not think that Change Management or IT Governance is addressed in the PCI Standards.
    To my knowledge, PCI has its roots in HIPAA and has much in common with HIPAA compliance requirements.
    If you search on the term, ‘PCI’ on this Forum, you will find additional discussion about PCI and the linkage between PCI and HIPAA.
    Hope this further helps,
    Milan


Log in to reply