OmniPORT
OmniPORT is a Software as a Service (SaaS) compliance management tool which, with the support of IRM in its
capacity as a Qualified Security Assessor Company (QSAC), gives merchant programme management teams full control
over all aspects of their PCI DSS programme.
Because of the wide range of the PCI DSS scope many enterprises find it extremely difficult to efficiently manage
their programme, using many different spreadsheets to keep control of progress whilst maintaining 'evidence' in many
different repositories. This result of this is that programmes are at best unwieldy to manage, at worst grind to a
standstill.
OmniPORT, a work flow portal based tool, has been specifically designed to address these issues, providing both a
continual monitor on progress and a permanent non-repudiated evidence store from which detailed on-going compliance
reports can be extracted. The templates for Interim Gap reports and quarterly bank prioritised approaches are all
built in, giving the merchant and where appropriate the bank a permanent view on progress.
How OmniPORT works
OmniPORT is a specifically designed programme platform which has proven to save over 40% of a programme
management team's time by simply allocating actions, monitoring progress and raising alerts when actions have not
been executed. This brings enormous benefits to ensuring that the processes enshrined in PCI DSS quickly become part
of business-as-usual functions.
IRM can log onto the platform remotely to sign off evidence, review documentation, ensure timelines are being met
etc as and when appropriate. This both avoids the need and associated costs for a QSA to be on site and means that
the programme team with their QSA can at any time take a real time view of the programme's status and progress.
Actions and activities can be allocated according to business resources and monitored to ensure that progress is
being made.
All of the PCI DSS requirements can have 'effort', 'cost' and 'duration' assigned to them, so each individual
activity shows progress. Reports thereafter can be produced to demonstrate, as applicable, to the acquiring bank or
card schemes that progress has been made despite the fact that no one control point can be fully closed off.
Finally, the strategic objective of OmniPORT is to build and develop with the acquiring banks a risk-based
profile for PCI DSS. This is in line with IRM's belief that as the standard matures there will be an increasing
emphasis on a risk based approach.
Why OmniPORT?
OmniPORT has been specifically designed to meet the challenges faced in achieving and maintaining compliance. The
compliance management feature reduces all the compliance requirements into individual tasks which can then be
rapidly assigned to individuals or whole departments. The inbuilt workflow engine allows all of these tasks to be
tracked and monitored, with metrics such as effort, progress and deadlines. This allows the merchant and QSAC both
to use normal project management techniques to manage the programme and allocate and control the vast numbers of
audit control points across the business, focused on relevant individuals or departments.
Detailed progress reports on multiple metrics such as compliance, risk, effort and progress ensure you can be
informed of your compliance posture in real time and that the quarterly reporting required by the card schemes and
acquiring banks becomes a more automated function.