Compliance and old infrastructure
Dec 31st, 2011 by Jesper Kråkhede
During my years working with compliance, one thing that has become very obvious is the hard work needed to get old infrastructure compliant, while new infrastructure is like having an ice cream in the sun. I recall working at a client many years ago where we were arguing whether an old till system should be upgraded or not. The question was whether to invest €500 000 in a new system, PA DSS compliant from the start, or to spend at least €400 000, testing not included and with no guarantee of compliance. The point of the argument was actually not the cost but that a bunch of developers would lose their jobs supporting the old system. As you can imagine, they picked up on every single thing that could be a glitch and made it look like Armageddon at least. In the end I won, exhausted but happy! Why? Because we got all the information we wanted out of the developers, information they didn't want to give us in the first place.