PCI Manager Guide
Objective
Coordinate PCI-related security assessments, maintain audit readiness, and ensure supporting evidence, workflows, and records remain complete and traceable.
Main responsibilities
- Coordinate PCI assessment planning and execution.
- Track project progress, evidence collection, and status transitions.
- Validate that remediation and requirement activities are properly documented.
- Support audit readiness with complete records and retention awareness.
Follow-up routine
- Review active PCI assessment projects and deadlines.
- Confirm assigned users, scope, and required assets are correct.
- Track project status progression and blocked items.
- Review requirement completion and attached evidence.
- Validate that findings and remediation actions are documented.
- Check notifications for status changes or follow-up actions.
- Prepare evidence packages for internal or external audit review.
- Confirm retention-sensitive records are preserved according to policy.
Core workflows in Conviso
- Access project workspace: Projects
- Follow project execution flow: Process
- Understand project status model: Workflow Status
- Review and track activities: Requirements
- Manage supporting evidence and audit trail: Data Retention
Defect tracker integration
Integrate Conviso Platform with your issue management tool using Defect/Bug Tracking integrations to synchronize and monitor remediation items that may affect PCI assessment outcomes.
Decision support with Dashboard
Use the Dashboard to monitor broader security trends that may impact PCI readiness, prioritization, and follow-up planning.
Management and collaboration tools
- Project and requirement follow-up alerts: Notifications Center
Recommended KPIs
- PCI assessment projects completed on time.
- Requirements completed with evidence attached.
- Findings pending remediation at assessment closure.
- Audit evidence completeness rate.
- Retention-sensitive records tracked for compliance scope.
Playbooks
PCI assessment approaching deadline
- Review project status, scope, and assigned users.
- Identify incomplete requirements or missing evidence.
- Escalate blocked remediation or validation items.
- Confirm final documentation package is ready for review.
Auditor requests historical evidence
- Locate the relevant PCI project and related activities.
- Export or review attached evidence, timelines, and supporting artifacts.
- Confirm record coverage against the retention policy.
- Document any gaps and assign corrective actions.