Want to learn how to become PC compliant, then follow our lock-step process for determining the “who, what, when, where, and why” of PCI compliance for your business. PCI compliance can be an incredibly challenging and tiresome process – no question about it – so get the facts today from the company that’s been helping merchants and service providers since 2009 with high-quality documentation for PCI compliance, and that’s pcipolicyportal.com.

Compliance with the Payment Card Industry Data Security Standards (PCI DSS) can be achieved when merchants and service providers follow a proven process developed by payments experts.  pcipolicyportal.com, leaders in offering world-class documentation for PCI compliance, offer the following 10 Step PCI Certification Process:

1. Determine the Appropriate Merchant and Service Provider Level. While the vast majority – probably 98 to 99% of all merchants – can self-asses via the PCI DSS Self-Assessment Questionnaires (SAQ), you’ll still want to check to verify the cutoff based on transaction volume on an annual basis. Service providers may find this a little more challenging as the guidance on transaction volume is somewhat subjective, and of a lower amount, in terms of volume, that is.

2. Choose the correct Self-Assessment Questionnaire (SAQ). This is without question one of the more challenging aspects of compliance with the Payment Card Industry Data Security Standards (PCI DSS) – and for good reason – as there are eight (8) different Self-Assessment Questionnaires (SAQ) to choose from. It means you’ll truly need to understand your environment in terms of cardholder data, so begin here: https://www.pcisecuritystandards.org/documents/Understanding_SAQs_PCI_DSS_v3.pdf. This is a brief, yet very helpful document authored by the Payment Card Industry Security Standards Council (PCI SSS), the organizational body responsible for the actual PCI DSS compliance standards.

3. Download the actual SAQ from pcisecuritystandards.org. Visit pcisecuritystandards.org and download the actual Self-Assessment Questionnaire (SAQ) for PCI compliance. As the PCI DSS standards have matured over the years, there have been more SAQ’s added, and with PCI DSS version 3.0/3.1, merchants and service providers can now choose – as stated earlier – from eight (8) different SAQs. Just remember to take the time and become educated on which SAQ you’ll want to use.

4. Review and understand the actual SAQ. The actual Self-Assessment Questionnaires (SQA) put forth by the Payment Card Industry Security Standards Council (PCI SSC) are not for the faint of heart, as they can be quite challenging. It’s therefore critical to review AND understand all components of the SAQ, which means putting a team together, if necessary.

5. Obtain critical PCI policies & supporting documentation. Did you know that the most time-consuming and laborious process of becoming compliant with the Payment Card Industry Data Security Standards (PCI DSS) is developing policies and procedures? That’s right, comprehensive documentation is needed for PCI DSS compliance, so start by downloading the industry leading Policy Packet & Toolkits today from pcipolicyportal.com. Authoring policies is an incredibly mundane and time-consuming process, and it’s why businesses all throughout the globe turn to the PCI DSS experts at pcipolicyportal.com and the industry leading PCI Policies Packets.  From the Self-Assessment Questionnaires to Level 1 onsite reporting, PCI documentation is essential.

6. Become compliant. It’s time to put into action the policies, procedures, and other initiatives, so roll up those sleeves and get busy. This means it’s time for a true philosophical about-face gut check with all your employees, and that’s because PCI compliance requires a shift in cultural ideology. It’s not something you can pick up once in a while and put down, rather, it requires a true commitment from everyone in the organization for helping ensure the safety and security of cardholder data.

7. Conduct vulnerability scan and penetration testing, if necessary. From a technical perspective, vulnerability scanning and penetration testing is absolutely critical, which means you’ll need to determine the correct range of IPs, both internally and externally, and asses the type of penetration test to be conducted, if applicable.  While some organizations may very well be exempt from scanning and pen testing, most merchants and service providers will have to undertake such initiatives.

8. Complete the Attestation of Compliance (AoC). Once you’ve actually undertaken the heavy lifting of PCI DSS compliance – such as putting in place all mandated policies, procedures, .and processes – then it’s time to actually complete the official PCI DSS Attestation of Compliance (AoC).  This is a relatively straightforward process that requires merchants and service providers to complete a short form attesting to PCI DSS compliance.

9. Continue to strive for compliance. PCI compliance is an annual commitment, so getting through the first year is great, but it’s a task that needs to be tacked each and every year. A good school of thought is not to start and stop PCI compliance – rather – build it into the culture of your organization for helping ensure the safety and security of critical cardholder data at all times.

10. Practice what you preach for PCI. You’ve worked long and hard to put in place all mandated PCI DSS policies and procedures – great – but don’t forget to practice what you preach and really strive for the ideological culture change. PCI compliance is difficult at times – that we all know – so get serious about ensuring the safety and security of cardholder data by working hard every day at meeting and/or exceeding the PCI DSS mandates.

It’s a proven 10 step process that works quite well, especially for any organization new to the world of PCI DSS compliance. It’s not an overnight process, but you’ll get there, and annual re-certification becomes that much easier.  We’re often asked. “what’s the single biggest obstacle to becoming compliant with the Payment Card Industry Data Security Standards (PCI DSS)” – and it is policies and procedures – no question about it.  Documentation is key for an efficient and comprehensive certification process, so download the Global PIC DSS Policies Packets today from pcipolicyportal.com and get compliant now.

To broaden the perspective on PCI DSS compliance even more, just remember the three (3) P’s – policies, procedures, and processes.  Policies simply state the organization’s stance and various initiatives. Procedures and processes then actually state the actions to undertake for such policies – hence the profound importance of documentation for PCI compliance.

Download the very best PCI policies and procedures today and learn more about how to become PC compliant by visiting pcipolicyportal.com.