Payment Card Industry Data Security Standards (PCI DSS) Level 1 compliance can be a very arduous, time-consuming and costly undertaking for any organization. However, there are a number of proactive steps that should be put in place for helping ensure an efficient and transparent assessment process is in place.
I stress the word “transparency” because the more information you provide a PCI QSA, the better understanding her/she will have when engaging to conduct the PCI DSS Level 1 assessment on your organization.
Here are some helpful tips:
1. Develop in-depth network topology documents that clearly illustrate the cardholder environment. Do not omit any “system components” from these drawings as PCI QSA’s need a true understanding of network topology.
2. Take a hard look at Requirement 12 of the PCI DSS standards-Policies and procedures play a big and important role in ensuring compliance for PCI DSS. If you do not have these PP in place, you need to start writing them internally, or expect to pay a king’s ransom for external auditors or consultants to write these documents for you.
3. Make a list of all external, third party vendors and outsourcing entities that your organization uses. This is important because data centers and other types of managed services entities often fall into the scope of a PCI DSS assessment.
If you want to learn more about PCI DSS compliance, visit pciassessment.org