PCI DSS Compliance

"Payment Card Industry Data Security Standard", PCI DSS, formed in 2006 is a structure created by the PCI Security Standards Council. This open global forum raises awareness, manages, educates and develops the PCI Security Standards. For rapid development in payment card technology, PCI SSC is responsible for its regular updates. PCI DSS main aim is to set operational and technical requirements for individuals who own card holder data, so there could be a decrease in breaches in payment data security and fraudulent payment card activities.

SOC(SOC 1, SOC 2 & SOC 3)

Service Organisation Controls aims to protect the interest of the user entity while receiving services from the service organisation. Upon implementation of the framework, it is a demonstration of internal control over financial reporting (ICFR).


The EU General Data Protection Regulation (GDPR) replaces the EU Data Protection Directive 95/46/EC (DPD). It is a common law for all EU countries to support the secure, liberal movement of data across EU boundaries. It puts data subjects at the forefront of data security and aims to protect all EU citizens from privacy and data breaches. If you control and process Personally Identifiable Information (PII) or sensitive personal information of EU citizens you must comply with the regulation by May 2018. Even if you do not have offices or employees in the EU zone you must still comply.


"The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for sensitive patient data protection. Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA Compliance. Covered entities I involving anyone providing treatment, payment, and operations in healthcare and business associates organizations who has access to patient information and provides support in treatment, payment, or operations must meet HIPAA Compliance. Other entities, such as subcontractors and any other related business associates must also be in compliant.

VISION ISO consults for compliance with HIPAA is mandatory when organizations deal with PHI in any way. HIPAA exists to protect the security and the privacy of patients and their information. The act covers both protections from breaches and the necessary steps that must be taken if a violation does occur."


The Health Information Trust Alliance (HITRUST) has established a Common Security Framework (CSF) that can be used by all organizations that create, access, store, or exchange sensitive and/or regulated data.


"Reserve Bank as “to regulate the issue of Bank notes and keeping of reserves with a view to securing monetary stability in India and generally to operate the currency and credit system of the country to its advantage; to have a modern monetary policy framework to meet the challenge of an increasingly complex economy, to maintain price stability while keeping in mind the objective of growth.” National Payments Corporation of India (NPCI), an umbrella organisation for operating retail payments and settlement systems in India, is an initiative of Reserve Bank of India (RBI) and Indian Banks’ Association (IBA) under the provisions of the Payment and Settlement Systems Act, 2007, for creating a robust Payment & Settlement Infrastructure in India.

Considering the utility nature of the objects of NPCI, it has been incorporated as a “Not for Profit” Company under the provisions of Section 25 of Companies Act 1956 (now Section 8 of Companies Act 2013), with an intention to provide infrastructure to the entire Banking system in India for physical as well as electronic payment and settlement systems. The Company is focused on bringing innovations in the retail payment systems through the use of technology for achieving greater efficiency in operations and widening the reach of payment systems."


Insurance Regulatory and Development Authority (IRDA) Act, 1999 spells out the Mission of IRDAI as: “.to protect the interests of the policyholders, to regulate, promote and ensure orderly growth of the insurance industry and for matters connected therewith or incidental thereto.” Functions and Duties of IRDAI


The Preamble of the Securities and Exchange Board of India describes the basic functions of the Securities and Exchange Board of India as “…to protect the interests of investors in securities and to promote the development of, and to regulate the securities market and for matters connected therewith or incidental thereto”.