PCI DSS sets a minimum level of governance and security practices to safeguard credit card data. However, even organizations that have passed a PCI DSS audit continue to face data breaches exposing customer records, highlighting the risk associated with viewing audit as a one-time event. In fact, a recent study from IT Compliance Group1 shows that for Fortune 1000 companies 6 data breaches per year is the industry norm. This whitepaper discusses how organizations need to move past the minimum PCI DSS checklist approach and implement solutions that monitor for infrastructure and regulatory changes and provide a continuous compliance program to ensure systems are secure.