PCI Compliance Requirements Overview for Self-Assessments (SAQ) and QSA Reporting

What is PCI? What are the PCI compliance requirements for merchants, service providers, and other organizations having a credible nexus with cardholder data? Let’s try and answer some of these questions, hopefully providing you much-needed clarity regarding the Payment Card Industry Data Security Standards (PCI DSS) provisions.

PCI, according to the Payment Card Industry Security Standards Council, is the following:

“The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.”

Source: http://www.pcisecuritystandards.org/security_standards/pci_dss.shtml

In simpler terms, it’s about ensuring the protection of cardholder data being stored, processed, and/or transmitted by merchants, service providers, and other affiliated entities.  Stop and think about all the organizations that “touch” credit cards, and one can quickly see how widespread the adoption of PCI actually is.  Name an industry or business sector, and chances are highly likely – almost certain – that PCI is a large and notable presence, one that requires constant effort and attention.

As to what the actual PCI DSS requirements are, they consist of what’s known as twelve (12) core “Requirements” – mandates for protecting cardholder data.  Within these twelve (12) requirements are provisions for various policies, procedures, forms, etc. to be in place. It’s just one reason why pcipolicyportal.com came about – to provide high-quality, industry leading PCI compliance policies for all organizations, and for all levels of PCI compliance, from SAQ A – D, P2PE-HW and for Level 1 onsite assessments by an actual PCI-QSA.

As for the twelve (12) PCI “Requirements”, they consist of the following:

Build and Maintain a Secure Network
•    Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
•    Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect Cardholder Data
•    Requirement 3: Protect stored cardholder data.
•    Requirement 4: Encrypt transmission of cardholder data across open, public networks.

Maintain a Vulnerability Management Program
•    Requirement 5: Use and regularly update anti-virus software.
•    Requirement 6: Develop and maintain secure systems and applications.

Implement Strong Access Control Measures
•    Requirement 7: Restrict access to cardholder data by business need-to-know.
•    Requirement 8: Assign a unique ID to each person with computer access.
•    Requirement 9: Restrict physical access to cardholder data.

Regularly Monitor and Test Networks
•    Requirement 10: Track and monitor all access to network resources and cardholder data.
•    Requirement 11: Regularly test security systems and processes.

Maintain an Information Security Policy
•    Requirement 12: Maintain a policy that addresses information security.

Why PCI Policies and Procedures are Critical for Compliance

As for PCI compliance requirements for reporting, there are two essential categories – Self-Assessment, along with Level 1 onsite assessments by an actual licensed PCI-QSA.  While the vast majority of merchants (and to a certain degree, service providers), can “self-assess”, there are a large and growing number of organizations that actually require an onsite assessment by a PCI-QSA.  Regardless of which category you fall into, both the “self-assessment” process and the onsite assessments require organization’s to have documented PCI compliance policies and procedures in place.  Trust the experts at pcipolicyportal.com for all your PCI compliance policy needs.

PCI DSS Policies and Procedures for SAQ A – D,and QSA Assessments

From self-assessments to Level 1 onsite assessments by a PCI-QSA, pcipolicyportal.com has all the documented policies and procedures you’ll need for compliance. Specifically, we’ve developed PCI information security compliance policies and procedures and templates specific to each of the following reporting mandates:

PCI Policy Packets & Templates for all SAQ Requirements – Download Now

Specifically, pcipolicyportal.com provides policies, procedures, and templates for the following PCI DSS Self-Assessment Questionnaires (SAQ) PCI requirements:

• SAQ A
• SAQ A-EP
• SAQ B
• SAQ B-IP
• SAQ C
• SAQ C-VT
• SAQ P2PE-HW
• SAQ D for Merchants
• SAQ D for Service Providers

Purchase and immediately download your PCI Policies Packet today for SAQ A, B, C, C-VT, D, P2PE-HW, and Level 1 onsite assessments.

The Global Leader for PCI Policies and Procedures – Learn More

Learn more about the PCI certification process for both the Self-Assessment Questionnaires (SAQ A – D), and the Level 1 onsite assessments, along with the importance of PCI compliance policies, procedures, and templates for compliance by visiting pcipolicyportal.com today.