This article defines PCI-DSS, ISO 27001, and SOC compliance.
PCI-DSS, ISO 27001, and SOC compliance are standards and frameworks for ensuring information security and data protection within organizations.
Here is a detailed overview of each:
PCI-DSS (Payment Card Industry Data Security Standard)
PCI-DSS is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.
Key Points:
- Developed By: The Payment Card Industry Security Standards Council (PCI SSC), which includes major credit card brands like Visa, MasterCard, American Express, Discover, and JCB.
- Requirements: There are 12 requirements for compliance, organized into six control objectives:
  - Build and maintain a secure network (e.g., firewall configuration, not using vendor-supplied defaults for system passwords).
  - Protect cardholder data (e.g., encryption, storage security).
  - Maintain a vulnerability management program (e.g., antivirus software, secure systems and applications).
  - Implement strong access control measures (e.g., access restrictions, unique IDs for users).
  - Regularly monitor and test networks (e.g., track and monitor access, regular security testing).
  - Maintain an information security policy (e.g., formal policies and procedures).
ISO 27001 (International Organization for Standardization 27001)
ISO 27001 is an international standard for managing information security. It provides a systematic approach to managing sensitive company information so that it remains secure.
Key Points:
- Published By: International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
- Framework: The standard specifies requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS).
- ISMS Components:
  - Risk Assessment and Treatment: Identifying and mitigating information security risks.
  - Security Controls: A set of best practices and security controls, detailed in Annex A of the standard.
  - Documentation and Evidence: Documented policies, procedures, and records to demonstrate compliance and continuous improvement.
  - Internal Audits and Continuous Improvement: Regular audits and reviews of the ISMS to ensure it is effective and continuously improving.
SOC (System and Organization Controls)
SOC reports are a family of attestation reports designed to help assess the effectiveness of a service organization's controls. There are different types of SOC reports, each serving a different purpose:
- SOC 1: Focuses on financial reporting controls.
  - Type I: Describes the service organization's system and the suitability of the design of controls at a specific point in time.
  - Type II: Includes Type I information and the operating effectiveness of the controls over a period of time.
- SOC 2: Focuses on information and IT security controls.
  - Criteria: Based on the Trust Services Criteria, which include security, availability, processing integrity, confidentiality, and privacy.
  - Type I: Describes the service organization's system and the suitability of the design of controls at a specific point in time.
  - Type II: Includes Type I information and the operating effectiveness of the controls over a period of time.
- SOC 3: Similar to SOC 2 but designed for a general audience, providing a high-level overview without detailed testing and results.
Key Points:
- Developed By: The American Institute of Certified Public Accountants (AICPA).
- Purpose: SOC reports provide assurance to stakeholders (e.g., clients, regulators) that a service organization has adequate controls related to financial reporting (SOC 1) or IT and data security (SOC 2 and SOC 3).
Summary
- PCI-DSS: Focuses on protecting cardholder data within payment systems.
- ISO 27001: Provides a comprehensive framework for managing information security across any organization.
- SOC: Provides assurance about the controls at service organizations, focusing on financial reporting (SOC 1) or IT and data security (SOC 2 and SOC 3).
These standards and frameworks help organizations manage risk, comply with legal and regulatory requirements, and demonstrate their commitment to information security and data protection.