“Time is money” is a very relevant phrase for IT professionals. One of the biggest ways that time can be inefficiently spent in the IT department is found in companies that process payments from major credit cards and store cardholder information. It has to do with the Payment Card Industry Data Security Standard, or as it’s known in the industry: PCI compliancy. In order to prove that a customer’s information is safe from hackers, IT departments need to follow a long list of guidelines that range from making sure their POS system is approved, to ensuring that the door protecting the servers has the right type of locks installed. For those who choose to store their organization’s data on local servers, the ever-changing compliance standards can be a daunting beast to tackle every year.
When it comes to collecting secure payments through a PCI compliant system, your organization has a few options. For the team at University of Massachusetts Amherst, their main way of dealing with it was to put their heads down and charge through the work. “We were Enterprise before, so at first we had our server in an office,” says Christine Texiera, Technology Manager at the University of Massachusetts, who had to jump through a lot of hoops to make sure her company was doing everything by the book. “We moved our servers into a server room on campus that had all of the things for PCI compliance, but we still had to keep going through the new self-assessment questionnaire and making sure we’re compliant to all of the bullet points that they had, and they kept getting more and more difficult. It’s about 70 pages worth of documents to read through and it’s a very technical process, so it’s not my favorite thing to do as an IT person.”
But even when the Christine dedicated her time, this was no easy task. “It would take me a long time to complete everything they were asking for. The first time it took me about 2 weeks to answer all the questions, so maybe 80 hours of solid work.”
After following this procedure for years, Christine and her team were blindsided by a new requirement they had to meet in order to be PCI compliant. They were told that they’d have to buy all new servers, and that ended up being the straw that broke the camel’s back. After much consideration from the team at UMass, they decided that the solution was to host this sensitive information somewhere else. Christine’s team looked to AudienceView to handle the sensitive data, and saw changes to her workflow almost immediately. “What once took me weeks to do now took around four hours, just because so much of it was in someone else’s hands.”
“AudienceView is managing the network infrastructure, and they’re doing it in a way that’s excellent. And the other thing is that, even though we are still involved in the self-assessment questionnaire process, it’s a lot easier. I don’t have to worry about backups, I don’t have to do database maintenance, I don’t have to worry about getting up in the middle of the night if the system goes down.”
By allowing AudienceView’s PCI compliant hosting solution to do the heavy lifting, Christine and her team have more time to spend doing what they love. “I like lots of data and lots of information so I can see what I can do with it, says Christine. “And if we don’t have the data in AudienceView, we can’t do great things with it.”