Note: This version is specific to Self-Assessment Questionnaire (SAQ) C for PCI DSS v4.0. If you are not sure what SAQ level you need, please review the official PCI Standards Council site.
PCI DSS v4.0 - Cybersecurity Policies & Standards [SAQ C]
If your company needs information security policies and standards to comply with the Payment Card Industry Data Security Standard (PCI DSS) under SAQ C, we can be of service to you at a price you can afford. Our professional cybersecurity team developed a comprehensive and affordable set of PCI DSS Cybersecurity Policies & Standards that is fully editable in Microsoft Word format, so you can add any customization you need. In addition to the policies and standards themselves, you get supporting documentation that helps you implement them and stay compliant. Lack of documented standards and lack of employee awareness are commonly cited contributing causes of security breaches, malware infections (e.g., viruses and spyware), and identity theft. These cybersecurity policy and standard templates for PCI DSS v4.0 reduce the time and errors associated with generating the documentation yourself, at a fraction of the cost of hiring a consultant to write similar documentation for you. We offer an unparalleled product at an exceptional value!
Not Sure What SAQ Type You Need?
There are different SAQs available to meet different merchant environments. Merchants are required to identify the SAQ that best describes how they accept payment cards. Some organizations may even need to fill out different SAQs, based on different methods of accepting payment (e.g., SAQ A for a website and SAQ C for "brick & mortar" store locations). If you are not sure which questionnaire applies to you, contact your merchant services provider for assistance or review the official PCI Security Standards Council's guidance on "assessing the security of your cardholder data" to help determine the appropriate SAQ type for your organization - https://www.pcisecuritystandards.org/pci_security/completing_self_assessment
PCI DSS Self-Assessment Questionnaire (SAQ) C Policies & Standards
SAQs are validation tools for merchants and service providers that are not required to submit a Report on Compliance (ROC). Each SAQ assesses the security of cardholder data through a series of yes-or-no questions, one for each applicable PCI DSS requirement. This product page is specific to SAQ C.
There are different questionnaires available to meet different merchant environments. Merchants are required to identify the SAQ that best describes how they accept payment cards. Some organizations may even need to fill out different SAQs, based on different methods of accepting payment (e.g., SAQ A for a website and SAQ C for "brick & mortar" store locations). If you are not sure which questionnaire applies to you, contact your acquiring bank or payment card brand for assistance.
ComplianceForge sells its PCI DSS Policies & Standards based on the SAQ type (shown below):
| SAQ Type | Method of Accepting Payment Cards | E-Commerce | In-Person |
|---|---|---|---|
| A | Card-not-present merchants (e-commerce or mail/telephone-order) that have fully outsourced all cardholder data functions to PCI DSS compliant third-party service providers, with no electronic storage, processing, or transmission of any cardholder data on the merchant's systems or premises. Not applicable to face-to-face channels. | Yes | No |
| A-EP | E-commerce merchants who outsource all payment processing to PCI DSS validated third parties, and who have a website(s) that doesn't directly receive cardholder data but that can impact the security of the payment transaction. No electronic storage, processing, or transmission of any cardholder data on the merchant's systems or premises. Applicable only to e-commerce channels. | Yes | No |
| B | Merchants using only: | No | Yes |
| B-IP | Merchants using only standalone, PTS-approved payment terminals with an IP connection to the payment processor, with no electronic cardholder data storage. Not applicable to e-commerce channels. | No | Yes |
| C | Merchants with payment application systems connected to the Internet, no electronic cardholder data storage. Not applicable to e-commerce channels. | No | Yes |
| C-VT | Merchants who manually enter a single transaction at a time via a keyboard into an Internet-based virtual terminal solution that is provided and hosted by a PCI DSS validated third-party service provider. No electronic cardholder data storage. Not applicable to e-commerce channels. | No | Yes |
| D (Merchant) | All merchants not included in descriptions for the above types. | Yes | Yes |
| D (Service Provider) | All service providers defined by a payment card brand as eligible to complete a SAQ. | N/A | N/A |
A downloadable PDF matrix shows which PCI DSS v4.0 controls apply to each SAQ type.
Product Example - PCI DSS SAQ C Policies & Standards
The PCI DSS Cybersecurity Policies & Standards is focused entirely on PCI DSS v4.0 compliance. It contains a policy and supporting standards that address all of the PCI DSS v4.0 requirements applicable to SAQ C merchants.
Writing cybersecurity documentation can take an internal team many months, and it pulls your most senior and experienced cybersecurity experts away from operational duties, which is generally not the most efficient use of their time. Hiring a cybersecurity consultant at $300/hr or more to write this documentation is expensive, and scheduling the consultant, providing guidance, and receiving the deliverable can also take months. Even with a consultant, your internal team still has to answer questions and perform quality control, so the impact is not limited to the consultant's time.
Comprehensive PCI DSS v4.0 Cybersecurity Policy & Standards
The PCI DSS Cybersecurity Policies & Standards can serve as a foundational element in your organization's cybersecurity program for PCI DSS compliance. It can stand alone or be paired with other specialized products we offer.
Following the widely reported card data breaches at major retailers, businesses can expect closer scrutiny of their IT security. One of the most important points to remember about compliance is that if you cannot prove you are compliant (e.g., with documented policies and standards), your business is unlikely to be able to count on business insurance to cover the expense of a breach. Our PCI DSS Cybersecurity Policies & Standards contains the policies, standards, and documentation you need to comply with PCI DSS version 4.0.
The benefits of our comprehensive PCI DSS Cybersecurity Policies & Standards include:
What Is The PCI DSS Policy & Standards?
Our products are one-time purchases with no software to install - you are buying Microsoft Office-based documentation templates that you can edit for your specific needs. If you can use Microsoft Office or OpenOffice, you can use this product! The Cybersecurity & Data Protection Program (CDPP) version for PCI DSS v4.0 contains necessary cybersecurity policies & standards in an editable Microsoft Word format. Our PCI DSS Cybersecurity Policy and Standards for version 4.0 of the PCI DSS includes:
- Complete coverage of all PCI DSS version 4.0 requirements - specific to SAQ C
- Certification of information security awareness training form
- Customizable Incident Response Plan (IRP)
- Business Impact Assessment (BIA) template
- Business Continuity Plan (BCP) & Disaster Recovery (DR) templates
- Service provider indemnification & Non-Disclosure Agreement (NDA) template
- User acknowledgement form
- Change management request form
- Risk assessment methodology template
- Appointment orders for an Information Security Officer (ISO)
- 40+ pages of policies, standards & guidelines that provide you comprehensive PCI DSS v4.0 coverage.
- 60+ pages of supplemental documentation that saves hundreds of hours by not having to make it on your own.
- Just as Human Resources publishes an “employee handbook” to let employees know what is expected for employees from a HR perspective, the PCI DSS Cybersecurity Policies & Standards does this from a cybersecurity perspective.
What Problem Does The PCI DSS Policy & Standards Solve?
- Lack of In-House Security Experience - Writing security documentation is a skill that many good cybersecurity professionals simply are not proficient at and avoid at all costs. Tasking your security analysts and engineers with writing comprehensive documentation means you are actively taking them away from protecting and defending your network, which is not a wise use of their time. The PCI DSS Cybersecurity Policies & Standards is an efficient method to obtain comprehensive security policies and standards for your organization!
- Compliance Requirements - PCI DSS applies to any organization that stores, processes, or transmits cardholder data, regardless of industry. The PCI DSS Cybersecurity Policies & Standards is designed with compliance in mind, since it focuses on PCI DSS requirements.
- Audit Failures - Security documentation does not age gracefully like a fine wine. Outdated documentation leads to gaps that expose organizations to audit failures and system compromises. The PCI DSS Cybersecurity Policies & Standards shows you exactly what is required to stay both secure and compliant.
- Vendor Requirements - It is very common for clients and partners to request evidence of a security program and this includes policies and standards. The PCI DSS Cybersecurity Policies & Standards provides this evidence to cover the Cardholder Data Environment (CDE)!
How Does The PCI DSS Policy & Standards Solve It?
- Clear Documentation - The PCI DSS Cybersecurity Policies & Standards provides the comprehensive documentation to prove that your PCI DSS security program exists. This equates to a time saving of hundreds of hours and tens of thousands of dollars in staff and consultant expenses!
- Time Savings - The PCI DSS Cybersecurity Policies & Standards can provide your organization with a semi-customized solution that requires minimal resources to fine tune for your organization's specific needs.
- Alignment With Leading Practices - The PCI DSS Cybersecurity Policies & Standards is directly mapped to version 4.0 of the PCI DSS!
This Is How PCI DSS Cybersecurity Documentation Is Meant To Be Structured!
ComplianceForge provides businesses with exactly what they need to protect themselves - professionally written policies, procedures, standards and guidelines at a very affordable cost. Similar documentation standards can be found in Fortune 500 companies that have dedicated IT security staff. All information security policies and standards are backed by documented best practices.
If your needs grow, you can upgrade to our Written Information Security Program (WISP), which is a more comprehensive document that is intended to address multiple compliance requirements, such as HIPAA, FACTA, GLBA, SOX, FISMA, in addition to PCI DSS. Our documentation is elegantly simple - you have alignment between the PCI DSS requirements, the policies, control objectives, standards and procedures. That is how IT security documentation is supposed to be written!