
  PCI for Small and Medium-Sized Businesses

The ability to accept payments for goods and services is essential for every business. However you trade and whatever your business might be, every credit or debit card transaction you process involves sensitive cardholder information that has to be stored and transmitted securely. With this in mind, card schemes, such as Visa and MasterCard, insist you comply with the Payment Card Industry Data Security Standard (PCI DSS) to make sure both your business and your customers are protected from the ever-present threat of card fraud.


Where do I start?

The PCI DSS applies to all organisations that transmit, process or store payment card data. Although the Standard is technically complex to implement, it is based on common information security practices.

To prove they meet the 12 requirements, and in turn achieve compliance, the majority of small merchants can fill in a self-assessment questionnaire (SAQ). But it's helpful to have the guidance of PCI experts in your corner to ensure your responses are in line with each requirement.


SMEs’ PCI mistakes

Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for all companies that handle credit card data. Common serious mistakes include:


"Top 3 payment security mistakes". Worldpay (December 2014)


Support contract for the smaller business

If you’re a smaller organisation, our PCI Compliance and Support Contract brings PCI policies and procedures, approved quarterly scans and staff training resources together with our expert online consultancy support and advice, at an affordable price.








Top reasons to use IT Governance for PCI compliance

Authorised QSA company

As an authorised QSA, we can advise on challenging aspects of the PCI DSS. If you have questions about PCI compliance, we'll provide you with the answers quickly and efficiently with solutions scalable to your business and budget.

Save time and money

The PCI DSS Documentation Toolkit is ideal for any small or medium-sized business that deals with payment card data because it lets you take advantage of QSA knowledge and guidance to accelerate your PCI DSS compliance project. It’s basically a shortcut through the documentation, with extra features to streamline the rest of the process.

Become your own expert

In addition to ASV scanning, you’ll be able to take advantage of a number of tools, including a gap analysis tool to check your organisation’s progress towards compliance; a PCI document dashboard to keep track of all your documents from one place; and a document analysis tool to ensure all required documentation is in place.

Focused on improving security, not just compliance

Our approach is to help clients strengthen their security posture rather than to offer an audit-based service. The toolkit can also be used as the foundation of an information security management system (ISMS).


Speak to an expert

Please contact us for further information or to speak to an expert.
