If your organisation handles card payments, it must comply with the PCI DSS (Payment Card Industry Data Security Standard) under its agreement with its acquiring bank, or risk financial penalties or even the withdrawal of its facility to accept card payments.
A large part of PCI DSS compliance involves creating and maintaining documentation to demonstrate that you are meeting the Standard’s requirements.
This includes formal security policies, processes and procedures, records of your cardholder data processing, ASV (Approved Scanning Vendor) scan reports, and more.
Documentation must support all applicable PCI requirements and provide practical operational guidelines for anyone working with payment card data.
Needless to say, creating this amount of documentation from scratch is time-consuming and complicated.
Did you know?
On average, our PCI DSS consultants use at least 50% of the toolkit’s policies on every engagement – that equates to at least 15 or 16 policies that our clients would otherwise need to draft themselves.
This saves approximately seven full days of effort, covering:
- Interpreting each requirement;
- Information gathering;
- Validation checks; and
- Approval.
Meet the PCI DSS requirements
The PCI DSS Documentation Toolkit offers a shortcut through the Standard’s documentation requirements, with extra features to streamline your compliance programme.
Features, and what each will help you to do

PCI DSS Gap Analysis: assess the current state of your PCI compliance.
The first step of your compliance project should be to determine the extent of the work you need to carry out. The gap analysis tool breaks each of the 12 PCI DSS requirements into its component clauses, providing guidance notes and testing procedures for each, and listing which SAQs (self-assessment questionnaires) each clause appears in. Once you have assessed each requirement, you can select the relevant SAQ and see how close you are to achieving compliance.

PCI Document Analysis Tool: determine which documents you need to complete.
The Document Analysis Tool makes it easy to see whether all the documentation required by the PCI DSS is in place in your organisation. It lists the documents from the toolkit that apply to each PCI DSS requirement, and which SAQs each requirement applies to. Once you have selected which documents you already have, you can choose your SAQ type to see an overview of how complete your documentation is, sorted by priority.

PCI documentation templates: complete the required policies to the right level of detail.
The toolkit provides customisable templates for all the documentation required by the Standard, including:
- Operational Security Policy Statement
- System Configuration Policy
- Data Retention and Disposal Policy
- Cryptographic Key Management
- Cardholder Data Policy Statement
- Anti-Malware Policy
- Vulnerability Management Policy
- Access Control Policy
- Password Policy Statement
- Systems Monitoring Policy
- Penetration Testing Methodology Work Instruction
- Staff Training Programme
- PCI DSS Operational Security Programme

ISO 27001 clause mapping: learn how to integrate the PCI DSS and ISO 27001.
The toolkit maps the PCI DSS’s requirements to the relevant clauses of ISO 27001, the information security management standard.
It can help you establish the foundations of an ISO 27001-compliant ISMS (information security management system), and can be fully integrated with our ISO 27001 Toolkit.
Learn more about our documentation toolkits
Created by industry experts, our toolkits cover a wide range of governance, risk management and compliance areas, including the GDPR (General Data Protection Regulation), ISO 27001, ISO 9001, Cyber Essentials and IT service management.