PCI DSS Documentation Toolkit

Speak to an expert

Our CREST-certified team of penetration testers will be able to advise you on how PCI DSS testing requirements apply to your organisation. For further information about our PCI security testing services, or to get a tailored quote for your organisation, get in touch with one of our specialists today.

If your organisation handles card payments, it must comply with the PCI DSS (Payment Card Industry Data Security Standard), or risk financial penalties or even the withdrawal of the facility to accept card payments.

A large part of PCI DSS compliance involves creating and maintaining documentation to demonstrate that you are meeting the Standard’s requirements.

This includes formal security policies, processes and procedures, records of your cardholder data processing, ASV scan reports, and more.

Documentation must support all applicable PCI requirements and provide practical operational guidelines for anyone working with payment card data.

Needless to say, creating this amount of documentation from scratch is time-consuming and complicated.

Save hours of work and consultancy fees

PCI DSS Documentation Toolkit

Our PCI DSS Documentation Toolkit provides you with the policies, procedures and work instructions you need to demonstrate your organisation’s compliance with the PCI DSS.

All the templates have been designed from a PCI audit perspective by a qualified PCI QSA (Qualified Security Assessor), and can easily be customised to suit your organisation’s needs. Download the toolkit’s full contents list.

As well as containing an extensive list of customisable templates appropriate for the PCI DSS, it includes a set of project management tools, including a PCI DSS roles and responsibilities matrix, a document checker, a gap analysis tool and a scoping guide.

Did you know?

On average, our PCI DSS consultants use at least 50% of the toolkit’s policies on every engagement – that equates to at least 15 or 16 policies that our clients would otherwise need to draft themselves.

This saves approximately seven full days of writing, including:

  • Meeting requirements;
  • Information gathering;
  • Validation checks; and
  • Approval.

Meet the PCI DSS requirements

The PCI DSS Documentation Toolkit offers a shortcut through the Standard’s documentation requirements, with extra features to streamline your compliance programme.

This will help you to:

PCI DSS Gap Analysis

Assess the current state of your PCI compliance.

The first step of your compliance project should be to determine the extent of the work you need to carry out. The gap analysis tool breaks each of the 12 PCI DSS requirements into their component clauses, providing guidance notes and testing procedures for each, as well as listing which SAQ (self-assessment questionnaire) they are present in. Once the requirements have been met, you can then select the relevant SAQ and see how close you are to achieving compliance.

PCI Document Analysis Tool

Determine which documents you need to complete.

The Document Analysis Tool makes it easy to see if all the documentation required by the PCI DSS is in place in your organisation. It lists the documents from the toolkit that apply to each PCI DSS requirement, as well as which SAQs the requirements apply to. Once you have selected which documents you have, you can select your SAQ type to see an overview of how complete your documentation is, sorted by priority.

PCI documentation templates

Complete the required policies to the right level of detail.

The toolkit provides you with customisable templates for all the documentation required by the Standard, including:

  • Operational Security Policy Statement
  • System Configuration Policy
  • Data Retention and Disposal Policy
  • Cryptographic Key Management
  • Cardholder Data Policy Statement
  • Anti-Malware Policy
  • Vulnerability Management Policy
  • Access Control Policy
  • Password Policy Statement
  • Systems Monitoring Policy
  • Penetration Testing Methodology Work Instruction
  • Staff Training Programme
  • PCI DSS Operational Security Programme

ISO 27001 clause mapping

Learn how to integrate the PCI DSS and ISO 27001.

The toolkit maps the PCI DSS’s requirements to the relevant clauses in the information security management standard ISO 27001.

It can help you establish the foundations of an ISO 27001-compliant ISMS (information security management system), and can be fully integrated with our ISO 27001 Toolkit.

Benefits of the PCI DSS Documentation Toolkit

Comply without breaking the bank

Pre-written by a PCI QSA, avoiding costly, credibility-destroying trial-and-error methods.

Guaranteed compliance

Pre-written model policies account for all key issues in PCI DSS v3.2.1 compliance.

Record progress

Keep track of task progress and outstanding actions in the downloadable toolkit dashboard.

Save time

Immediate download so you can take advantage of its contents at once.

Learn more about our documentation toolkits

Created by industry experts, our toolkits cover a wide range of governance, risk management and compliance areas, including the GDPR (General Data Protection Regulation), ISO 27001, ISO 9001, Cyber Essentials and IT service management.

PCI DSS Documentation Toolkit

Accelerate your PCI DSS project with:

  • A complete set of easy-to-use, customisable and fully PCI-compliant documentation templates, saving you time and money;
  • Guidance documents; and
  • Project tools to help ensure your compliance with the Standard.
