Good to hear from you! I will have to agree that I love the way in which you've presented the information regarding continuous compliance in the linked video.

The milestone approach is, definitely, not sufficient in adopting a risk-based stance. I suppose my query, in specific, was regarding PCI-DSS and what folk would choose to do differently than stated in the requirements if they did, in fact, not have to worry about compliance verification and instead only focused on risk.

For me, the difference in activity would seem to be rather minimal…at least notionally.

Well looky there, now you guys are getting into my world. I totally agree that the traditional model of auditing once a year (milestones) is broken. We have shifted our perspective in this and moved to what we call “continuous compliance”. Instead of this one point in time mentality we instead work to ingrain compliance in everyday processes and distribute the workload across the year. Lastly, we've big fans of what the collaboration tools do to enable this type of process and see them going hand in hand.

If you're interested, we did a video that talks about continuous compliance that we're pretty proud of located here: http://bit.ly/8Glen9

Good to hear from you! I will have to agree that I love the way in which you've presented the information regarding continuous compliance in the linked video.

The milestone approach is, definitely, not sufficient in adopting a risk-based stance. I suppose my query, in specific, was regarding PCI-DSS and what folk would choose to do differently than stated in the requirements if they did, in fact, not have to worry about compliance verification and instead only focused on risk.

For me, the difference in activity would seem to be rather minimal…at least notionally.

Well looky there, now you guys are getting into my world. I totally agree that the traditional model of auditing once a year (milestones) is broken. We have shifted our perspective in this and moved to what we call “continuous compliance”. Instead of this one point in time mentality we instead work to ingrain compliance in everyday processes and distribute the workload across the year. Lastly, we've big fans of what the collaboration tools do to enable this type of process and see them going hand in hand.

If you're interested, we did a video that talks about continuous compliance that we're pretty proud of located here: http://bit.ly/8Glen9