Oneiric IT

A compliance management platform for MSPs and businesses to track PCI DSS requirements, manage evidence, and maintain audit readiness.

Company Details

Category: Governance
Headquarters: Zagreb, Croatia
Data Hosting: EU Only
Open Source: No
Pricing: paid
Website: https://pcidss-dashboard.com

About Oneiric IT

PCIDSS-Dashboard: The Operating System for PCI DSS v4.0.1

PCIDSS-Dashboard is a dedicated compliance management platform designed to help Merchants and Service Providers escape "Spreadsheet Hell" and survive PCI DSS audits without buying $60,000 Enterprise GRC bloatware. It is built specifically for the complexities of the PCI DSS v4.0.1 standard, transforming compliance from an annual chaotic scramble ("Evidence Archaeology") into a streamlined, continuous, and automated engineering workflow.

🚨 The Problem It Solves

Historically, companies have been forced to choose between two failing systems for managing PCI compliance:

  • The Spreadsheet Warriors: Tracking 300+ requirements in fragile Excel sheets, storing evidence in disorganized Google Drive folders, and relying on the "one engineer who knows where everything is."
  • The Enterprise GRC Victims: Paying massive annual fees for complex platforms built for Fortune 500 SOX compliance, which take months to implement and require $250/hr consultants to configure.

PCIDSS-Dashboard is the missing middle ground: Powerful enough for a Level 1 Service Provider doing a full Report on Compliance (ROC), but simple enough for an E-commerce Merchant filing an SAQ A.

⚙️ Core Features

1. The Structured Evidence Repository
Stop hunting through Slack and old emails for firewall configs. The dashboard comes pre-loaded with all 12 PCI DSS v4.0.1 requirements and 300+ sub-requirements. Users can drag-and-drop evidence (pen test reports, logs, policy documents) and map them directly to specific requirements.

2. The System Component Inventory
Unlike generic GRC tools that only track "compliance status," this tool understands your technical infrastructure. It catalogs the entire Cardholder Data Environment (CDE)—including servers, firewalls, IP addresses, OS versions, and patch lifecycles—so you can instantly show auditors exactly what systems are in scope.

3. Auditor View
Instead of emailing zip files back and forth, companies can grant their Qualified Security Assessor (QSA) a restricted login. The auditor can review the mapped evidence, verify statuses, and leave notes directly in the platform.

4. Continuous Compliance & Scheduled Tasks
Compliance isn't just a checklist; it requires recurring actions. The dashboard schedules and tracks mandatory operational tasks (e.g., quarterly vulnerability scans, annual policy reviews, daily log reviews) and notifies the team before deadlines are missed.

5. Smart Policy Management
Offers version control for security policies. A single Information Security Policy can be uploaded and linked to multiple different PCI requirements simultaneously. When the policy is updated, the new version automatically syncs across all linked requirements.

6. Multi-Tenancy & Multiple Certifications
Built for Managed Service Providers (MSPs), payment gateways, and holding companies. Users can manage multiple separate entities, scopes, or historical PCI versions independently without mixing data.

🧙‍♂️ The SAQ A Compliance Wizard (For E-commerce Merchants)

For merchants with outsourced payment processing (like Stripe or PayPal), the dashboard includes a "TurboTax-style" workflow to kill the manual 30-page PDF process:

  • Plain-English Translation: Translates dense auditor jargon into simple "Yes/No" operational questions.
  • Service Provider Tracking: Manages third-party vendors (Requirement 12.8) and stores their Attestations of Compliance (AOCs).
  • Automated PDF Generation: Maps the user's answers to the strict PCI SSC formatting, handling complex checkboxes and logic, to instantly generate a signed, official SAQ A PDF ready for the acquiring bank. Fully handles the latest PCI v4.0.1 Rev 1 update, ensuring merchants properly declare their e-commerce script security posture (formerly Req 6.4.3 and 11.6.1) to maintain eligibility.

🧠 Subtle AI Integration

AI is utilized not as an annoying chatbot, but as an invisible assistant. It works in the background to help suggest evidence mapping, review uploaded documents, and identify remediation steps, staying entirely out of the user's way until it is genuinely helpful.

🎯 Target Audience

  • Level 1 Service Providers: Payment gateways, hosting providers, and technical platforms managing full ROCs and complex infrastructure.
  • Level 2-4 Merchants: E-commerce, Nutra, Dating, and high-risk merchants processing 20k–6M transactions who need to file SAQs (A, A-EP, D, etc.) to keep their merchant accounts open.
  • Agencies & ISOs: Firms that manage compliance on behalf of their merchant portfolios.

Replaces

Oneiric IT is an alternative to: Drata, OneTrust, ServiceNow, Vanta

Related Governance Companies

  • Management System Sweden AB / Ledningssystemet Sverige AB - A complete management system provided as SaaS. Designed to simplify compliance and accelerate busine
  • CertHub GmbH - CertHub provides AI-powered software solutions for Technical Documentation (eTD), Quality Management
  • Collibra - Data intelligence platform for governance, cataloging, and privacy compliance across enterprise data
  • Cobelty - Cobelty provides strategic intelligence services for standardization and open-source technology deve
  • CattleGrid - CattleGrid is an enterprise API security gateway that inspects and sanitizes outbound AI requests to
  • PlanPro - European strategy execution platform, connecting goals, people, activities, projects, budgets & risk