November 19 2007
New toolkit aims to simplify PCI DSS compliance for retailers
IT Governance Ltd, a data security and IT governance business, has produced a toolkit that helps retailers comply with the Payment Card Industry Data Security Standard.
Achieving compliance with the Payment Card Industry Data Security Standard (‘PCI DSS’) is a critical business issue for all merchants that accept credit and debit cards. However, many remain unsure about the level of compliance required of their organisation and how best to achieve it, and most would rather it just go away entirely. To help explain and simplify the compliance process, IT Governance Limited has launched a new £199 PCI DSS Toolkit that should solve some, if not all, of these issues.
The PCI DSS must be met by all merchants that accept credit and debit cards issued by the major credit card companies. It is a contractual obligation applied and enforced directly by the payment providers, and a failure by a merchant to comply can result in fines, restrictions or other costly repercussions.
The Standard requires merchants and member service providers to adopt various specific measures to ensure data security. These include building and maintaining a secure IT network, protecting cardholder data and maintaining a vulnerability management programme and information security policy. The Standard’s compliance requirements are ranked in four levels, and the level of compliance required of a merchant is based upon the volume of payment card transactions it processes annually.
The new PCI DSS Toolkit, which has been developed to work internationally, will support all organisations faced with PCI DSS compliance. It is particularly helpful to merchants required to comply with levels 2 and 3 of the Standard, for whom completion of a self-assessment questionnaire is a requirement, as well as level 4 organisations.
It contains a full set of templates for the mandatory PCI DSS policies, a PCI slide presentation, full PCI DSS SAQ completion guidance, a cross-mapping to ISO27001/ISO27002 best practice, and a manual of PCI DSS implementation guidance.