If you are a merchant or service organization and need to be payment card industry (PCI) compliant with the PCI DSS provisions, then there are a number of important points you need to know. First and foremost, you need to identify what level you are in accordance with PCI DSS requirements. You can find this information at pciassessment.org.
Second, you will need to find a qualifed QSAC (Qualified Security Assessor Company) that can assist you with all levels of PCI compliance, regardless of what level you fall under. Third, you will need to have the QSAC conduct a PCI DSS readiness for understanding your cardholder transaction environment and what gaps, holes, and deficiencies you may have that could hinder the overall PCI DSS assessment process. Easier said than done? It sure is, as most companies are good at what they do, but are very weak in having documented policies and procedures in place for PCI DSS compliance. I stress this because it is one of the biggest and most often overlooked areas of PCI DSS compliance. While we all get carried away talking about firewalls, routers, anti-virus, DMZ, etc, many times organizations fail to recognize the importance of documented policies and procedures.
To learn more about PCI DSS compliance, visit pciassessment.org