New PCI DSS Toolkit Simplifies Compliance



Achieving compliance with the Payment Card Industry Data Security Standard ('PCI DSS') is a critical business issue for all merchants that accept credit and debit cards. However, many remain unsure about the level of compliance required of their organisation and how best to achieve this. To help explain and simplify the compliance process, IT Governance Limited has launched a new PCI DSS Toolkit.

The PCI DSS must be met by all organisations (merchants) that accept credit and debit cards issued by the major credit card companies. It is a contractual obligation applied and enforced directly by the payment providers, and a failure by a merchant to comply can result in fines, restrictions or other costly repercussions.

The Standard requires merchants and member service providers to adopt various specific measures to ensure data security. These include building and maintaining a secure IT network, protecting cardholder data and maintaining a vulnerability management programme and information security policy. The Standard's compliance requirements are ranked in four levels, and the level of compliance required of a merchant is based upon the volume of payment card transactions it processes annually.

The new PCI DSS Toolkit, which has been developed to work internationally, will support all organisations faced with PCI DSS compliance. It is particularly helpful to merchants required to comply with levels 2 and 3 of the Standard, for whom completion of a self-assessment questionnaire is a requirement, as well as level 4 organisations. It contains a full set of templates for the mandatory PCI DSS policies, as well as a PCI slide presentation and full PCI DSS SAQ completion guidance, a cross-mapping to ISO27001/ISO27002 best practice, and the manual of PCI DSS implementation guidance. It is priced at just 199 and available at



New PCI DSS Toolkit Simplifies Compliance