Top Patch delivers information security products to reduce risk, increase data security and ensure compliance. TopPatch's Remediation Vault™ is the industry’s first peer-to-peer patch distribution product. Even with existing patch management solutions, Remediation Vault ensures completeness, coverage and speed so that vulnerabilities are patched before hackers can exploit them. With Remediation Vault, the vulnerabilities in the software installed on Unix, Linux, BSD, OSX and Window’s operating systems are up to date with the newest security patches. TopPatch services include HIPAA/HITECH compliance management, PCI compliance management, intrusion detection/prevention systems, forensics, end-to-end data privacy compliance management, vulnerability assessment and management, log monitoring and management, FFIEC, GLBA, NCUA, NERC, and SOX compliance.

1. 5 MYTHS ABOUT
PCI DSS
COMPLIANCE
PROGRAMS

2. Top Patch delivers information
security products that reduce risk,
increase data security and ensure
compliance.
• Remediation Vault™: first peer-to-
peer patch distribution product.
• Vulnerabilities patched before
hackers can exploit them.
• Unix, Linux, BSD, OSX and
Windows OS protected with
newest security patches.
www.toppatch.com
Email: alex@toppatch.com • Twitter: @toppatch
©TopPatch • All Rights Reserved 349 Fifth Avenue, New York NY 10016, (646)

3. 5 Myths About
PCI DSS Compliance Programs
PCI DSS Compliance Programs:
Store, transmit, process credit card information
securely
• Payment brands and acquirers responsible to
enforce compliance.
• There are 12 requirements involving business
processes and technologies to secure consumer
information.

4. 5 Myths About
PCI DSS Compliance Programs
• Myth #1: “Single product and vendor are
sufficient”
• No single vendor can address the 12 PCI DSS
requirements.
• Beware of single product/single vendor
approaches.
• Implement holistic strategy, focus on bigger
picture.

5. 5 Myths About
PCI DSS Compliance Programs
• Myth #2: “We are a small merchant, we are
exempt”
• PCI applies to all merchants and organizations
accepting cardholder data.
• Even if you process a handful of transactions.

6. 5 Myths About
PCI DSS Compliance Programs
• Myth #3: “We are compliant because we
outsource credit card processing”
• Outsourcing simplifies payment card
processing.
• It does not result in automatic compliance.
• Make sure provider’s terminals and applications
comply with PCI standards and don’t store
sensitive cardholder data.
• Request a certificate of compliance.

7. 5 Myths About
PCI DSS Compliance Programs
• Myth #4: “PCI will make us completely
secure”
• PCI does not translate into permanent
security.
• Security exploits continue.

8. 5 Myths About
PCI DSS Compliance Programs
• Myth #5: “We need to hire a Qualified
Security Assessor (“QSA) in order to meet PCI
requirements”.
• PCI does not mandate hiring a QSA.
• Hiring a QSA provides an officer sign-off if
acquirer or merchant bank agrees.
• Smaller business may assess their
business using the Self-Assessment
Questionnaire found on the PCI web site.
• PCI DSS Compliance requires merchants to
have a quarterly vulnerability scan by a PCI
SSC Approved Scanning Vendor (ASV).

9. Top Patch delivers
information security
products that reduce risk,
increase data security and
ensure compliance
Request a free trial of
the Remediation Vault
for
Best-In-Class Patch
Management
Alex
Email: alex@toppatch.com
(646) 664-4265
349 Fifth Avenue, New York, NY 10016
www.toppatch.com
Twitter: @toppatch