Looking for a PCI Compliance Roadmap? As a Payment Card Industry Data Security Standards Qualified Security Assessor (PCI QSA), I’m often asked about the who, what, where, and why of PCI compliance. Most organizations (merchants and service providers) are simply overwhelmed by the entire process and are not sure where to begin, hence the need for a PCI Compliance Roadmap.
I’ve written extensively on this issue and I urge you to read about the PCI DSS Roadmap, which essentially highlights three (3) main phases that your organization should undertake. Within these three (3) phases, there are many sub-categories and drivers that you will need to address, but for now, focus on these three (3) areas:
* Phase I: PCI DSS Readiness Assessment
* Phase II: Remediation & Implementation for PCI DSS
* Phase III: Assessment & Reporting for PCI DSS
The biggest challenge (and goal) for organizations is Phase I, that is, simply getting one’s arms around the entire PCI DSS process and understanding what the scope of a PCI DSS assessment really is. Once you have successfully completed this phase, you can then move on to remediation and other aspects that are vital for PCI success.
To learn more about PCI compliance, visit the official PCI DSS Resource Guide.