July 12th, 2006, 07:13 AM
#8
Junior Member
Did you mention canned reports? How can you produce canned reports when the requirements keep changing in a dynamic environment?
By the way, just curious as to how these reports cover the 12 major requirements for PCI:
1. Install and maintain a firewall to protect data.
2. Do not use vendor supplied defaults for system passwords and other security parameters.
3. Protect stored data.
4. Encrypt transmission of cardholder data and sensitive info. across public networks.
5. Use and regularly update antivirus software.
6. Develop and maintain secure systems and applications (patch management)
7. Restrict access to business data on a need-to-know basis.
8. Assign a unique ID to each user with computer access.
9. Restrict physical access to cardholder data.
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.
12. Maintain a policy that addresses information security.
How can we do audits when the requirements are so generalized? This is really tough on the merchants and sys admin guys.