Wednesday, August 26, 2020
Foxmeyer Case Study Analysis Information Technology Essay
FoxMeyer worked on the idea of installing an ERP system to process the million order requests the company received every day. The ERP system would handle the packaging and routing of pharmaceuticals from various vendors to thousands of hospitals, clinics, drug stores and other partners. To pursue the installation, the company hired Andersen Consulting and other consultants to help. Along with ERP, FoxMeyer decided to install a new warehouse automation system, increasing the complexity of its plan. FoxMeyer bought the software from a well-experienced vendor. These systems were designed to automatically pick over 80% of outgoing orders from shelves in the warehouses.

Ans1a. FoxMeyer Pharmaceuticals had certain basic issues in change management because of a lack of planning and a failure to invest additional effort in the implementation of the ERP system. There were issues among employees with the implementation of two systems on a huge scale, which left them feeling that their job security was threatened. At FoxMeyer, reports revealed that senior management was highly committed in the beginning stage, but some users were not as committed. There was a morale problem among the warehouse workers, as the Pinnacle warehouse automation integration project threatened their jobs. The closing of three warehouses and the transition to the first automated warehouse was a disaster. Damage done by the employees was a tremendous loss to the company. Disgruntled workers damaged inventories, orders were not recorded, and huge mistakes occurred because the new system struggled with the high volumes. In aggregate, around $34 million worth of stock was lost as damage.

Ans1b. Change management is one of the basic stages an organisation needs to go through while implementing an ERP system. One of the serious issues that emerged at FoxMeyer was the loss of confidence among workers in their job security. One of the main contributing factors to this loss in the FoxMeyer case is the automation of processes, with the automation of tasks being the primary contributor. Implementing change without prior planning or a proper strategy created not only disaster at FoxMeyer but also confusion and unrest among workers. As the boss of FoxMeyer, I would recommend the following processes in the ERP implementation:

Communication Strategy: Management at FoxMeyer should be assigned to discuss future strategies to ensure a thorough approach. This strategy will include preparing a project plan, project progress reports and training for workers. FoxMeyer presented a case of one-way communication, where management was seen forcing its decisions on workers, which created chaos, and workers were not committed to the change. Having proper communication from both sides would have resulted in better participation and motivation among workers.

Impact Analysis: This is a method that fully determines the current system and analyses how the ERP system will affect human resources and the business environment. FoxMeyer workers were not given the reason for the change, nor were they consulted in the preparation of the ERP system implementation. Business processes should be systematically documented, especially for the areas which may be affected by the new system. The data to be recorded includes job descriptions and job history, which will build a comparison of how the actual business processes may differ from what has been documented. This analysis will help FoxMeyer to analyse how significantly the ERP system may affect the organisation, which areas will be most affected by the implementation, and what training may be required to ensure a smooth implementation of the new system.

Skills Analysis: A major issue during ERP implementation is training. As the FoxMeyer workers were not trained properly for the new system, the result was poor order processing, lost stock and greater confusion. This also killed workers' interest in the change and made them less committed. This method will help FoxMeyer to analyse who needs training for their job, to find out who should be trained and what skills the company needs to develop. FoxMeyer will select staff from internal divisions appropriately and train them to work with the new system.

Ans2a. FoxMeyer's project of implementing an ERP system aimed to save $40 million every year; the project cost was estimated at $65 million, and the complete installation of the ERP system and the automation system was another $18 million.

Ans2b. The project led to bankruptcy for FoxMeyer. FoxMeyer had a budget of $65 million for the implementation of SAP, but the final implementation bill was more than $100 million. Additional cost also includes a £34 million loss of uncollectable shipping and stock costs. Other costs that FoxMeyer paid were the loss of clients, market reputation, loss of workers, structure, and loss in share value.

Ans2c. An Enterprise Resource Planning (ERP) system covers the techniques and concepts used for the integrated management of businesses as a whole, from the viewpoint of effective use of management resources, to improve the efficiency of an enterprise. ERP systems have numerous advantages, both direct and indirect. The direct advantages include improved efficiency, information integration for better decision-making, faster response time to customer queries and so on. The indirect benefits include better corporate image, improved customer goodwill, customer satisfaction, etc. (Sourced from: http://www.articlesbase.com/programming articles/a-formula and-elements for-erp-disappointment 124383.html)

FoxMeyer advocated ERP solutions as a part of its strategic development plan, which would help to re-engineer its business processes so as to achieve long-term objectives. The real cost for organisations does not only include installation cost, human cost and licensing cost. There are other costs that come with the implementation of ERP, as follows. These costs are difficult to measure but are way higher than the actual costs.

Project Costs: FoxMeyer had the perception that continuing would create enormous gains; for example, the company expected a saving of $40 million every year.

Psychological Costs: The consultants had prior records and a history of success, which encouraged the organisation to continue with the project and to develop high expectations of it, resulting in disproportionate investments. FoxMeyer had bitten off more than it could chew by embarking on a fast-track project with unskilled staff.

Social Costs: The consulting company did not externally justify what was expected. De-escalating the project through abandonment would have meant bad publicity.

Organisation Costs: Organisations pay huge losses over delays in projects or a lack of usage strategies, which results in undue investments with no returns. A lack of change management may also result in a need to control the increasing costs of projects and staff issues. Managers must recognise the other opportunity costs involved in the ERP system proposal, for instance cash outflows which might bring better returns if invested in other areas.

Ans3. FoxMeyer had researched and analysed the ageing population of America, which presented grounds to expand its business and a chance to become bigger.

Ans3a. FoxMeyer signed the contract to supply University Health System Consortium (UHC).

Ans3b. FoxMeyer expected growth in business because of an ageing population and anticipated growth in the pharmaceutical industry. FoxMeyer's long-term objectives were to lower its operating costs, manage the stock more efficiently, and gain greater share by expanding its market and sales. After developing and implementing the new ERP system, FoxMeyer wanted to enhance more operations and efficiency and to produce more order-processing systems.

Ans4. Risks involved in the project implementation at FoxMeyer:

Technical Risk: High technology always requires extensive capital for development. In addition, high technology needs research and development. It needs extensive testing, which takes more time and funding. FoxMeyer tried implementing the software with a big-bang approach, without extensive research or trials.

Organisational Size: FoxMeyer was a $5 billion company functioning as a wholesale distributor and manufacturer of pharmaceutical products. The company implemented the ERP system extensively throughout its organisation as a whole rather than trialling it and monitoring success in a particular office or area. This resulted in a sudden change in business operations and gave workers an increasingly tough time with their jobs, without extensive training and skills assessment.

Technical Novelty: The SAP system used by FoxMeyer was presented as exclusive and as saving the company $40 million per year on its operational expenses. Even though the technologies were new and had not been implemented or tested anywhere in pharmaceuticals, FoxMeyer made a quick decision without researching or properly analysing SAP, which later created devastation and problems for FoxMeyer after implementation. Even the SAP software was not compatible with the current hardware and systems used by FoxMeyer. The company even failed to analyse the efficiency of the application for the future of enormous order volumes, since it had plans for growth.

Technical Expertise: SAP was a new technology for FoxMeyer workers, and they lacked the basic skills to operate the business using the new technology. SAP was introduced to the workers in a big-bang manner without proper training and skills assessment.

Ans5a. FoxMeyer used a theory called the Big Bang Adoption theory. This theory describes the adoption type of instant changeover, when everyone moves to the fully working new systems on a given date.

Ans5b. The FoxMeyer project carried the risk of user commitment, which depends on commitment from both top management and users. Although senior management commitment was high, reports reveal that some users were not as committed. There was a morale problem among workers
Saturday, August 22, 2020
Philosophy Unit Essay
(Concept) | An idea or thought that cannot be true or false | God, Dog, Evil
Proposition | A statement which is either right/wrong | "God is pink"
Knowledge | Expressed in propositions that are formed by combining concepts; states something that is true or false | "The dog is yellow"
Three Types of Knowledge | Propositional – "know that"; Knowledge by Acquaintance – "know of"; Capacity/Ability – "know how"
A Priori | Propositional knowledge that we know is true before (sense) experience | "2+2=4"
A Posteriori | Propositional knowledge that we know is true only after (sense) experience | "The sky is blue"
Synthetic | Not true by definition – tells us something significant about the world | "Snow is white"
Analytic | True by definition | "All bachelors are unmarried men"
Necessary | Had to be true; true in every possible world | Maths – 2+2=4
Contingent | Could be otherwise | "Obama was elected President"
Induction | Reasoning that draws conclusions from a limited set of specific observations | 1) The sun has always risen 2) The sun will always rise
Deduction | Reasoning in which the conclusion must follow from the premises | 1) Man is mortal 2) Socrates is a man 3) Socrates is mortal
Innate | Knowledge that is present in the mind at birth | Conceptual Schemes – Kant
Intuitive | Propositions that we know are true through pure thought | "I think therefore I am" – Descartes
Empiricism | Argues that you can only have analytic a priori knowledge | "All widows were once married" (analytic a priori)
Rationalism | Argues that you can have analytic and synthetic a priori knowledge (not Plato) | "God exists" – Descartes (synthetic a priori)

All Ideas Come From Experience: Empiricism
John Locke | The mind is a Tabula Rasa – blank slate. Sensation + Reflection. Simple, complex and abstract ideas: simple ideas come from sensation; complex + abstract ideas come from reflection
David Hume | Sensation makes impressions in our minds. Ideas are 'faint impressions' of sensations, which are 'vivid and forceful'. All thoughts are combinations of ideas, e.g. Golden Mountain
Counter Arguments | Not every simple idea comes from experience – Missing shade of blue – Hume | Complex/abstract ideas are not from experience; a general idea is required to form the abstract idea – Carruthers | Some ideas are innate: Ideas of God/Infinity – Descartes; Veined Marble – Leibniz; All knowledge is innate in the soul and just needs to be recalled – Plato

Knowledge about what exists must be justified by sense experience
John Locke | 2 Fountains of Knowledge – Sensation + Reflection. All ideas come from these, so all propositions must too | BUT
David Hume | Hume's Fork: Relations of Ideas – analytic a priori knowledge; Matters of Fact – synthetic a posteriori knowledge. Anything else is 'Empty Metaphysical Speculation' and should be 'cast to the flames', e.g. God | Hume's Fork is itself 'empty metaphysical speculation' – contradicts itself
Alfred Jules Ayer | Verification Principle: Analytic or Empirically Verifiable (can be proven by experience). Anything else is meaningless, e.g. Infinity
John Stuart Mill | No a priori knowledge. All knowledge is a posteriori and learnt through induction, including logic and maths | What about analytic a priori knowledge? "A bachelor is not married"
Strengths | Sets clear limits on the suitable objects of knowledge – allows us to learn without being distracted by 'Empty Metaphysical Speculation'. The view mirrors our experience of learning – it explains why we learn as we do
Counter Arguments | Sense experience is never certain – leads to scepticism: Senses, Dreams, Deceiving Demon – Descartes; Cave Analogy – Plato | Some knowledge about what exists is known a priori: Self/God/EW – Descartes; Forms – Plato; Causation, self, space – Kant | Knowledge of relations of ideas is a priori – does not become more certain – true in every possible world – Russell | Experience alone is unintelligible; it needs to be mediated through a conceptual scheme – Kant, Sapir/Whorf

Mind contains innate knowledge
Plato | All knowledge is innate. Slave Boy Analogy: no teaching, yet he recognises the proof. Learning as remembering/recollecting, prompted by questioning. Reason recognises truth, not the senses | But the boy is prompted through questions
Leibniz | Veined Marble: the mind is not passive – it contains 'natural tendencies and dispositions, habits or potentialities'
Kant | Conceptual Schemes are innate. Categories are innate, e.g. Space, Time, Self | The conceptual scheme is innate capacity/ability knowledge, not propositional knowledge
Counter Arguments | This knowledge can be explained through intuition and deduction – reason discovers the knowledge – Descartes | Innate knowledge is absurd – there is no universal consent; children and idiots don't know the simplest truths – Locke | Innate knowledge is a 'near contradiction' – impossible to know but not know that you know – Locke

Doctrine of Innate Ideas: Descartes
Ideas are either: Adventitious – from experience; Factitious – made up by us; Innate – in the mind at birth | 'God', 'Infinity' and 'supreme perfection' are not experienced or made up; they must therefore be innate (Trademark Argument – we are aware of God, yet do not experience God – He left his mark on us – this is innate) | Innate ideas give reason the materials to think and to create knowledge without requiring experience
Counter Arguments: John Locke | The mind as a Tabula Rasa (blank slate) at birth. There is no innate knowledge, only a posteriori knowledge. We have no positive idea of infinity; infinity is defined in the negative, 'never ending', and we only ever experience being able to add more
David Hume | All ideas are formed from experience, e.g. Golden Mountain – God is just qualities in man combined and 'augmented without limit'

Knowledge Through Intuition + Deduction – Key Terms
Intuition | Self-evident truths – reached through pure thought
Deduction | Conclusion reached by following the same premises, e.g. Sudoku – the original numbers are self-evident, the other numbers are found through reasoning. The answer is certain
Descartes | Intuition: the self as a thinking thing exists (The Cogito) | Deduction: God exists; the external world exists (Ontological Argument)
Counter Arguments | Descartes' intuitions and deductions don't work. The existence of the self is not known through reasoning – the Cogito only proves the existence of thought, not a thinker, e.g. BFG (Big Friendly Giant). The Ontological Argument fails to prove the existence of God – it only proves hypothetical existence – Hume. The proof for the existence of the external world depends on the existence of a good God | Hume's Fork: reason is limited to tautologies/relations of ideas | No a priori knowledge – Mill

Is certainty confined to introspection and the tautological? Key Terms
Introspection – looking inwards, i.e. inner experiences
Tautology – saying the same thing twice, e.g. "reverse backwards" (i.e. analytic)
David Hume | Hume's Fork: reason is limited to the meaning of words
Descartes | Experience is limited to immediate awareness. We can never be sure that the external world corresponds to our experiences (we might be dreaming / an evil demon)
Conclusions:
David Hume | Yes | Hume's Fork: only relations of ideas can be certain; all matters of fact are open to doubt
Descartes | No | Reason can discover certain knowledge of the world through intuition and deduction, e.g. God exists
Kant | No | We can have certain synthetic a priori knowledge of our conceptual scheme, e.g. we will see the world in space, time, causation | Yes | We can never know about the world of the noumena

Experience is intelligible because of a conceptual scheme
Kant | The mind is active – it organises experience into categories, e.g. a filing cabinet. Ordered into space/time/causal relations/unity. Conceptual scheme > universal, a priori, necessary | Implications: synthetic a priori knowledge of the categories is possible, e.g. cookie-cutter analogy – the cutter is fixed (the conceptual scheme), what it is cutting can change, yet it still produces the same shape. We only know the phenomena, never the noumena. Fishing Net / Blue Spectacles Analogy
Sapir/Whorf | Experience is ordered because of the language that we use. Linguistic relativism – societies organise experience by defining things with words, e.g. Inuit + snow, and Hopi + time. Conceptual scheme > a posteriori, relative, contingent | Implications: the world as it is remains unknowable. No innate scheme, rather a range of different schemes
Thursday, August 20, 2020
Why You Need PCI DSS Compliance How to Pass The Audit
We are working in an age where it looks like a big part of our lives went through a digital converter. All the information we possess is slowly being turned into data, even in parts we didn't expect, such as our finances.

This does not necessarily need to be a bad thing for us and the security of our assets, if it is handled correctly. The way we do that is by enforcing certain rules and regulations that we can abide by in order to uphold a well-established standard of working. Since there are many fields in which we have gone digital, so too there are different types of standards and regulations that we have created. To get a better picture, some of those fields are:

Financial
Research
Medical
Military

The reasoning behind this is that each field has its own specific set of standards that it needs to uphold, meaning that one set of rules for the financial field might not be fully applicable to the medical field. In this article we will focus on the financial field as an example of this kind of regulatory obedience, more specifically the Payment Card Industry.

WHAT IS PCI DSS AND WHY GET CERTIFIED?

The PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards made for companies which process, store or transmit any type of credit card information. Above all, it has been created to provide and maintain a secure financial environment. In the documentation, its key components are broken down into certain milestones or goals to make it easier for any company undertaking this process to segregate individual tasks and requirements. These goals are well explained in the following table:

Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software or programs
6. Develop and maintain secure systems and applications
Implement Strong Access Control Measures
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
Maintain an Information Security Policy
12. Maintain a policy that addresses information security for employees and contractors

From this we can get a good glimpse of the processes that have to be handled in order to get PCI DSS certified. But what does it mean to get certified, and why should you follow any of this?

Reputation
Becoming PCI DSS certified gives a company's clients the peace of mind that they are not dealing with a shady merchant and that the company is in fact holding its operation to a certain rigorous standard. This makes business a lot more productive and, of course, secure.

Security
The overall security that companies gain through the implementation of such a standard is a great reason on its own why they should get certified. Having a process which enables a company to have greater overall control of what is going on within its infrastructure, and policies set in place that say how to react, is a great boon for any enterprise.

Trust
This is the biggest reason for certification. When someone reads that the company they are buying from is PCI DSS certified, they are well aware that certain measures have been taken, and it is easier for clients to trust a company that invests in security.

Mandatory
In some cases it is mandatory to be certified. Basically, if someone is dealing with client information such as their personal numbers or credit card details, then in order for the business itself to run in certain locations or fields it must be PCI DSS compliant first. Otherwise there is the matter of extravagant fines from third-party audits, which go to great lengths to protect the personal data of their clients, usually by legal means.

The reasoning behind why companies should get certified is solid, but how do they actually get certified?

WHAT IS A COMPLIANCE AUDIT?

An audit is the process of making sure that all the previously mentioned goals, such as those in the table above, are actually met. Usually auditors, professionals who are very knowledgeable in their field, perform these audits in order to give their clients a passing score confirming that they are in fact upholding their end of the deal. Auditors go through each checkpoint, so to say, depending on the type of compliance in question, and review everything they believe should be upheld. Auditors usually tend to be from completely neutral third-party companies that have nothing to do with the company they are auditing. This preserves the common interest between the parties and makes sure that no foul play, such as false certifications, takes place.

The process usually resembles a very thorough and practical QA of sorts, where both the company in question and the auditor sit down and go through each step in a methodical way. The company provides evidence for whatever the auditor requests, and if they are satisfied, these segments get a passing score. Otherwise, if certain goals are not met and the auditor is dissatisfied, they have the means to not grant certification, or even re-certification, to companies until they fix everything. Usually a good time frame for these kinds of actions is given in order for everything to be dealt with in a comprehensive manner. Afterwards another audit takes place, and if this time everything checks out, the company receives the highly sought-after certification for being fully compliant.

Different types of auditors are needed for different types of compliance certifications. They usually focus on one or two at most; it's often very hard to find an auditor who specializes in more. Compliance auditing is important because it is most of the time the only way to get comprehensively certified in a neutral, non-repudiable way.

GETTING PREPARED FOR THE PCI DSS AUDIT

In order to get acquainted with what is needed to get certified, we need to go through the PCI DSS goals.

Firewall Configuration
Having a firewall in place is not enough. It needs to be well managed and configured. The difference between a bad auditor and a good one is the difference in what they accept as fine. A bad auditor is perfectly fine if the company shows them a firewall is active, while a good one will question further and will usually want to see if it is properly configured as well, and in some cases even test it. Usually auditors are either penetration testers themselves or they have such professionals on standby to make different types of checks before they can verify that everything is working as it should. Make sure that your firewalls are well configured.

Vendor-Supplied Defaults
Usually after an installation, inexperienced system administrators will leave the default credentials on the systems they have installed. This is a hazardous way to run things inside one's infrastructure, since if an attacker finds out what type or version of technology is running on the systems, they can immediately try out all the defaults first. This sounds basic, but you would be surprised how effective and common it is: roaming through highly secured networks only to fail on the most basic of security implementations, such as default credentials. Always make sure that everything is custom and changed, even before deploying.

Protect Stored Cardholder Data
Cardholder data usually refers to the vital information gained from credit cards or any other instrument which could seriously jeopardize one's privacy. Banks, as well as other establishments that need to hold on to this kind of data, have to have certain protocols for how they actually preserve it from being compromised. For example, there are a few questions that the auditor could ask:

Is the data encrypted?
Is there physical security on site where the data is being stored?
What proactive measures such as CCTV cameras do you have in place?
Is the data shared with anyone at any time?

The answers to these types of questions may well be the difference between a passed and a failed audit.

Encrypt Transmission
At some point in time, this type of data may be transferred, either inside the infrastructure or publicly. During these transfers it is imperative that the data is encrypted at all times, from the moment it leaves its source all the way to its destination. The reasoning behind this is the sniffing that could occur inside the network. Basically, sniffing is the act of intercepting data as it flows from one point to another in order to capture it. But if the data itself is encrypted, even if it is captured it remains unintelligible.
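As an added example (not part of the article) of what the stored-data side of Requirement 3 looks like in practice: a PAN is kept only as a keyed token, shown only in the first-six/last-four masked form that PCI DSS permits for display, and application logs are scanned for full card numbers that should never have been written. The log lines and the HMAC key are constructed placeholders.

```python
import hashlib
import hmac
import re

# Hypothetical HMAC key (placeholder); a real deployment keeps it in an HSM or KMS,
# never in source code.
TOKEN_KEY = b"PLACEHOLDER-TOKENISATION-KEY"


def luhn_valid(pan: str) -> bool:
    """Mod-10 check that genuine card numbers satisfy; weeds out other digit runs."""
    if not pan.isdigit() or len(pan) < 13:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form: at most the first six and last four digits are visible."""
    if len(pan) < 13:
        raise ValueError("not a PAN")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def tokenize_pan(pan: str) -> str:
    """Keyed one-way reference that can be stored and looked up instead of the PAN."""
    return hmac.new(TOKEN_KEY, pan.encode(), hashlib.sha256).hexdigest()


# 13-19 digits, optionally separated by spaces or dashes, not embedded in a longer number.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def find_exposed_pans(lines):
    """Return (line_no, masked_pan) for each Luhn-valid PAN written to a log in the clear.

    The finding itself is masked: a scanner report must not become a new copy
    of the cardholder data it was looking for.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        for m in PAN_RE.finditer(line):
            candidate = re.sub(r"[ -]", "", m.group())
            if luhn_valid(candidate):
                hits.append((n, mask_pan(candidate)))
    return hits


# Constructed sample log lines; 4111111111111111 is a well-known test number, not a real card.
SAMPLE_LOG = [
    "2020-08-20 10:01:02 INFO  order=ORD-000123456789012 status=created",
    "2020-08-20 10:01:03 DEBUG charge pan=4111111111111111 amount=19.99",
    "2020-08-20 10:01:04 DEBUG charge pan=411111******1111 amount=19.99",
    "2020-08-20 10:01:05 INFO  ref=1234567890123456 checksum=failed",
]

if __name__ == "__main__":
    for line_no, masked in find_exposed_pans(SAMPLE_LOG):
        print(f"line {line_no}: unmasked PAN {masked}")
    print("stored token:", tokenize_pan("4111111111111111"))
```

Only line 2 is reported: line 3 is already masked, and the digit runs on lines 1 and 4 fail the Luhn check, so they are not card numbers.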
Encryption also has to be something which is cur rently held as a standard, it canât be outdated or already proven to be easily cracked.Regularly Update Software Anti-VirusThis one I believe needs no introduction. Itâs basic Security standard 101. Even so, many companies do not take responsibility on regular updating of their systems.This is becoming the main issue of infiltration today. Attackers usually manage well known exploits for older systems.Basically the older a system is the more likely it has already been exploited and exposed publicly. Attackers use these exploits to get inside. In order to prevent this, the best way is to hold your systems constantly updated and at their newest versions as to minimize the chance of public exploits working.Also, having an Anti-Virus on all hosts prevents most known malware to be activated on your system. Having the Anti-Virus updated constantly also makes sure that the latest signature database is up and running which mitigates any newly released threats as well.Develop Maintain Secure Systems and ApplicationsCustom made applications are usually a part of most companies which deal with payment methods. These systems can be proprietary and as such will need custom maintenance and dealing with bugs/security risks. Also the overall infrastructure on which it is hosted will demand good upkeep both in a practical and secure way.Basically, this point focuses on our custom builds and what we can do to make them better. Good configuration for example comes in to mind for these systems/applications.The difference often between a secure environment and a not so secure one lays in the way it was configured. Basically what it was approved to allow. 
Sometimes as we mentioned before defaults are not the best way to go since they might allow many unfavourable settings as well.Restrict Access to Card Holder Data by Need To Know PrincipleBasically, only the applications, databases, servers, nodes or people that absolutely need to have access to the Card Holder Data should b e allowed and no one else. This enforces the Need To Know Principle. For example, servers that have no need to access the data in any way, should not be allowed to have any network connectivity to said data.This prevents many types of missuses and attack vectors. For example if the Server that does not need to have contact is in fact compromised then it simply canât get to the Card Holder Data.On the other hand, if everything in the network for example was allowed and any person that wanted to could pop up a shell and look through everyones records, there would be a disaster and this would not be compliant to PCI DSS Standards.Unique ID for each person that has accessEveryone that can connect on the network which is in any way close to the Card Holder Data should have their own unique ID. The reasoning behind this is that everyone has to be accountable for their actions.All run commands need to be logged and the administrators should know exactly who ran them. In the case of an em ergency or an issue, it will be well documented who caused said issues.Restrict Physical Access to Card Holder DataThe Systems or nodes which are used to connect to the Card Holder data or the ones that actually store it need to be physically protected. By using CCTV Cameras, doubled fences, Mantraps, Biometrics, etc. We make sure that access is on a need to know basis.Track Monitor all Access to the Network Card Holder DataMonitoring is one of the main ways to make sure that you have complete control of your traffic and general access. 
In order to have a comprehensive list of users or applications that have tried to contact the locations of the Card Holder Data, you need monitoring tools and proper logging in place. Logs are a great way to provide you with evidence of what is happening and where it has already happened. By constantly monitoring all critical servers and services, companies make sure they have a good foothold in what is happening inside their infrastructure.

Regularly Test Systems and Components

This part is more inclined to Penetration Testing. Companies usually hire Penetration Testers to regularly check their security perimeter. This is done either quarterly as Vulnerability Scanning or annually as full blown Penetration Testing. The client wants everything connected or relevant to the Card Holder Data to be tested; basically, all of the controls that we have said are in place are now, well, put to the test. The penetration tester will usually deliver a Final Report where they explain all of the shortcomings, which the client needs to have fixed within a given deadline before an auditor comes. If everything has been properly fixed, the company is certified for PCI DSS.

Maintain a Policy that Addresses Information Security for All Personnel

This point is more or less focused on executive management rather than technical points. Basically, this is where the management of the policies and paperwork comes into play. To comply with this point, the company must publish and maintain a good Security Policy which is reviewed annually and updated depending on needed changes. Aside from this, a Risk Assessment process is also implemented in order to identify threats and measure them accordingly.
All personnel should also have clearly defined positions and tasks that they should carry out. It should never be left to ad hoc choices; instead it should be perfectly documented who is doing what and, more importantly, who is responsible if anything happens.

We went through all of the 12 Requirements for PCI DSS and as such are now a little more knowledgeable on the subject. As is mentioned in each one, it is vital for everything to be properly managed, documented and established. Doing things in a way that will jeopardize these requirements, usually by cutting corners or costs, is a foolproof way to get denied PCI DSS status. These points are there for a reason. Each has its place and meaning.

RE-CERTIFICATION

Although going through such rigorous testing would make most people believe that it is a one time thing, PCI DSS actually needs annual re-certification. Security is a maintained process; technology moves fast and upkeep is needed as within any environment. As we mentioned earlier, audits are needed in order to confirm the validity of the security perimeter previously set in place. The auditor in question does the same validity checks as before, but this time with a bit more accent on the higher class issues from last time. The same format is upheld the second time around as well: checks by means of Penetration Testing are done, security measures are analyzed and documentation is reviewed. It is vital to mention that the auditor at this stage has the power to revoke the PCI DSS certificate if they see fit to do so. This however does not come quick; even if inefficiencies are found in the infrastructure, usually the auditor has to give the company in question a decent period to fix all of the findings in order to get re-certified.
Of course, if results are not delivered within the given time frame, then sanctions such as revocation of PCI DSS Certification are undertaken. Through constant vigilance and upkeep, though, companies can have a fairly easy re-certification process. If, throughout the year (since, as we mentioned, re-certification comes annually most times), they have kept up their guard and followed all of the best practices, everything should run smoothly.

CONCLUSION

Getting PCI DSS Certified is no easy task. Usually it requires tremendous amounts of effort from many fields and many divisions inside a company. IT staff have to talk to managers, the C-Suite has to develop proper strategies and so on. But ultimately, having PCI DSS status is worth it, because it shows that you went through all of this trouble just so that your end users are safe, and that gives a sense of security to all that use your services or products.