PCI DSS. It is a well-known phrase in today's growing regulatory compliance landscape. Because PCI DSS and its standards, requirements, and other supporting factors are relatively new, there still seems to be a high degree of uncertainty about who needs to be PCI DSS compliant and why. The who, what, where, when, and why are still unclear for many merchants, service providers, and other entities involved, directly or indirectly, in the overall payment cycle.
Here is what is certain. If you do have to be PCI DSS compliant, then it is wise to start immediately looking at and inspecting your organization's documented policies and procedures. Why, you ask? Because most companies are very good at what they do, but typically weak at documenting what they do. Add to the mix that a fair amount of PCI DSS compliance depends on documented policies and procedures, and you can quickly see the importance. But who is going to write them, and how long will it take?
My recommendation is to hire an experienced PCI QSA (Qualified Security Assessor) firm that has the skills and the templates ready for your organization to use. Remember, this is one of the most arduous and time-consuming efforts of PCI DSS compliance, so start early, before it is too late.
To learn more about PCI DSS compliance, visit www.pciassessment.org.