7 comments

[ 3.0 ms ] story [ 15.7 ms ] thread
Given the potential damages of failing to comply with GDPR I’d strongly prefer an enterprise option that indemnified the company for suits if the tool shows the company has been compliant.
At a glance, this looks like little more than an ad - I'm really not sure why it was posted here?
You could easily pass or fail automated tests for PCI DSS and it would have no correlation to whether your business was found compliant or not. The premise of this makes no sense.
Agreed. I don’t see the value in this service, I’m much more concerned with the other 95% of the requirements for either PCI or GDPR.
It's just a vulnerability scan, which is one small component of compliance. It's also the easiest component, and in many ways the least important. A clean scan does not mean you are compliant. In fact, if you are running the scan to check if you are compliant, then you are not compliant, guaranteed. Compliance is a process. It takes work, and an ongoing program. Anyone who offers you a product to make it easy is selling snake oil.

As far as PCI, this scan covers only three requirements out of hundreds.