Given the potential damages of failing to comply with GDPR I’d strongly prefer an enterprise option that indemnified the company for suits if the tool shows the company has been compliant.
You could easily pass or fail automated tests for PCI DSS and it would have no correlation to whether your business was found compliant or not. The premise of this makes no sense.
It's just a vulnerability scan, which is one small component of compliance. It's also the easiest component, and in many ways the least important. A clean scan does not mean you are compliant. In fact, if you are running the scan to check if you are compliant, then you are not compliant, guaranteed. Compliance is a process. It takes work, and an ongoing program. Anyone who offers you a product to make it easy is selling snake oil.
As far as PCI, this scan covers only three requirements out of hundreds.
7 comments
[ 3.0 ms ] story [ 15.7 ms ] threadAs far as PCI, this scan covers only three requirements out of hundreds.