Posted by: Charles Denyer
payment card industry, pci assessment, pci dss qsa, policies and procedures, qsa
PCI DSS stands for Payment Card Industry Data Security Standard. If you are a merchant or service provider directly involved in the processing, storage, or transmission of transaction data or cardholder data, then your organization should be considered a candidate for PCI DSS compliance.
As with any compliance mandate, it can be expensive, the assessment can be time-consuming to go through, and it is something that has to be conducted annually.
The very first thing organizations should do to prepare for PCI DSS compliance is to make sure they have documented policies and procedures in place. Why? Because a large part of the success of obtaining PCI DSS compliance depends on having those documented policies and procedures. Don’t believe me? Take a look at the PCI DSS standard for yourself, read between the lines, and you will quickly find that this is an absolute necessity.
If you do not have them, or do not have the time and skills to write them, then I highly recommend you hire a consulting firm that specializes in writing policies and procedures for PCI DSS.
Time and time again, this is one of the biggest weaknesses I have seen in merchants, service providers, and any other organization looking to become PCI DSS compliant.