The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard created by the payment card brands and intended for all entities who process payment card data (branded credit cards and debit cards).

​

Most businesses provide merchant services to their customers or are service providers providing either payment card processing, hosting or other ancilliary services that could have an impact on the security of payment card data.  All these organisations are in scope for PCI DSS.

​

The PCI DSS is a much more prescriptive information security standard than the ISO27001, for example, and can be a challenge to get to grips with initially and this is where we can help with our experience in this field (see About Us).

​

We can provide advice on scoping, implementing, managing and maintaining an information security framework compliant to the requirements of PCI DSS.

​

Among the services we offer are:

​

• Assistance on scoping your Cardholder Data Environment (CDE)

• Guidance on completing Self Assessment Questionnaires (SAQs) and the appropriate SAQ for your CDE

• Preassessment to help prepare organisations for assessment by QSAs

• Help to interpret the requirements of PCI DSS and how they may apply to your organisation

• PCI Awareness Workshops

• Gap Analysis and Scope Reduction Recommendations

• Guidance on implementing a PCI DSS compliant framework for your organisation

​

And much more!

​

​

​

​

​

​

​

​