ISO-27002-(17799) News

New PCI DSS Toolkit Simplifies Compliance

(Nov 19, 2007)-- Achieving compliance with the Payment Card Industry Data Security Standard (‘PCI DSS’) is a critical business issue for all merchants that accept credit and debit cards. However, many remain unsure about the level of compliance required of their organisation and how best to achieve this. To help explain and simplify the compliance process, IT Governance Limited has launched a new PCI DSS Toolkit.

The PCI DSS must be met by all organisations (merchants) that accept credit and debit cards issued by the major credit card companies. It is a contractual obligation applied and enforced directly by the payment providers, and a failure by a merchant to comply can result in fines, restrictions or other costly repercussions.

The Standard requires merchants and member service providers to adopt various specific measures to ensure data security. These include building and maintaining a secure IT network, protecting cardholder data and maintaining a vulnerability management programme and information security policy. The Standard’s compliance requirements are ranked in four levels, and the level of compliance required of a merchant is based upon the volume of payment card transactions it processes annually.

The new PCI DSS Toolkit, which has been developed to work internationally, will support all organisations faced with PCI DSS compliance. It is particularly helpful to merchants required to comply with levels 2 and 3 of the Standard, for whom completion of a self-assessment questionnaire is a requirement, as well as level 4 organisations. It contains a full set of templates for the mandatory PCI DSS policies, as well as a PCI slide presentation and full PCI DSS SAQ completion guidance, a cross-mapping to ISO27001/ISO27002 best practice, and the manual of PCI DSS implementation guidance.

Alan Calder, chief executive of IT Governance, said, “There is simply no alternative but for merchants to comply with the Payment Card Industry Data Security Standard. However, organisations facing the Standard for the first time are frequently bewildered by its requirements and uncertain of how to meet them. This new Toolkit radically simplifies the compliance process and reduces it to a clear sequence of actions that can be performed efficiently, leaving merchants free to focus on the essential work of serving their customers.”

Share or bookmarklet this web page at: