THE COMPANY:
Braspag Tecnologia em Pagamento
Braspag is a technology company that supports payments between companies and individuals. We work with platforms, financial institutions, regulators, payment networks, banks and consumers.
What has been a key challenge for your company in implementing and maintaining the PCI Data Security Standard (PCI DSS)?
A key challenge is managing the costs involved with implementing and maintaining PCI DSS and establishing a PCI DSS program. The PCI DSS Program is an important part of the Corporate Information Security Program and consists of: Risk Assessment, Code of Conduct and Ethics, Training and Communication, Internal Investigations, Due Diligence, Monitoring and Audits.
How have you addressed this challenge?
Choosing vendors and partners willing to work with us to satisfy relevant PCI DSS requirements and working hard to continue to maintain and keep controls up to date.
How has your company benefited from having a PCI DSS program?
Our PCI DSS program has helped us maintain all contracts with our clients and address new challenges with issuers, banks and acquirers.
What are critical factors for achieving executive level buy-in and budget for a PCI DSS program?
Commitment of senior management and continuous monitoring of security controls.
What recommendations would you give to other companies on making a business case for a PCI DSS program?
Obtain the commitment of senior management and employees; maintain a solid annual budget for the program; monitor and develop continuous security controls; implement due diligence for suppliers; and have a great team capable of supporting the program.
Brazil Regional Engagement Board
The PCI SSC Brazil Regional Engagement Board (REB) represents the perspectives of PCI Participating Organizations and PCI constituents in Brazil, advising and providing feedback and guidance to the PCI SSC on standards and programs development and adoption in Brazil. Braspag is an active member of the Brazil Regional Engagement Board.