PCI DSS Compliance
Accepting payment cards spans industries, even businesses that would not necessarily consider themselves to be a "merchant" in terms of traditional brick & mortar retailers. However, any company that accepts payment via debit and/or credit cards must comply with the Payment Card Industry Data Security Standard (PCI DSS). Some businesses choose to segment off the cardholder environment and manage it by its own unique policies and standards. Other businesses address PCI DSS requirements as part of its overall policies and standards. Either way works and ComplianceForge offers solutions for both approaches!
Do You Know If You Are Currently Compliant With PCI DSS?
If you have to think about that question, then it is very likely that you are not compliant. That is just the way it is with PCI DSS. If your organization is not proactively managing the requirements, then some requirements will slip through the cracks and you will be in a state of non-compliance. This can have dire consequences in the event of a data breach, since cyber liability insurance will not pay out for instances where you cannot prove you were compliant with applicable statutory, regulatory and contractual requirements (e.g., PCI DSS) at the time of the incident. That has the potential to put many smaller organizations out of business entirely.
Payment Card Industry Data Security Standard (PCI DSS) v3.2 Compliance
ComplianceForge currently offers four (4) products that are designed to assist companies with PCI DSS compliance:
- PCI DSS Policy & Standards
- ISO 27002 Written Information Security Program (WISP)
- NIST 800-53 Written Information Security Program (WISP)
- Digital Security Program (DSP)