Regulatory Compliance, Governance and Security

Oct 19 2008   11:45PM GMT

PCI DSS Compliance | It Starts with Policies & Procedures



PCI DSS compliance can be considered a costly, time-consuming assessment for any merchant or service provider that has to obtain it. What many organizations fail to recognize is that the PCI DSS standard contains a slew of requirements for documented policies and procedures covering a laundry list of items. While companies are typically very good at what they do from an operational and business perspective, most companies perform rather poorly when it comes to documenting what they do. It's an inherent weakness that I, as a PCI QSA assessor, see time and time again out there in the world of compliance.

Take note: documenting your policies and procedures for PCI DSS compliance can itself be a costly and time-consuming affair. My recommendation: find a PCI QSA firm that has ready-made templates which can be customized to your operations. Furthermore, appoint an internal employee either to develop these documented policies and procedures or to work with an external PCI QSA assessor.

To learn more about PCI DSS compliance and how to develop customized documented policies and procedures for ensuring PCI DSS compliance, visit NDB Advisory.
