PCI DSS Documentation Toolkit
If your organisation handles card payments, it must comply with the PCI DSS (Payment Card Industry Data Security Standard), or risk financial penalties or even the withdrawal of the facility to accept card payments.
A large part of PCI DSS compliance involves creating and maintaining documentation to demonstrate that you are meeting the Standard’s requirements.
This includes formal security policies, processes and procedures, records of your cardholder data processing, ASV scan reports, and more.
Documentation must support all applicable PCI requirements and provide practical operational guidelines for anyone working with payment card data.
Needless to say, creating this amount of documentation from scratch is time-consuming and complicated.
Save hours of work and consultancy fees
Our PCI DSS Documentation Toolkit provides you with the policies, procedures and work instructions you need to demonstrate your organisation’s compliance with the PCI DSS.
All the templates have been designed from a PCI audit perspective by a qualified PCI QSA (Qualified Security Assessor), and can easily be customised to suit your organisation’s needs. Download the toolkit’s full contents list.
As well as containing an extensive list of customisable templates appropriate for the PCI DSS, it includes a set of project management tools, including a PCI DSS roles and responsibilities matrix, a document checker, a gap analysis tool and a scoping guide.
Did you know?
On average, our PCI DSS consultants use at least 50% of the toolkit’s policies on every engagement – that equates to at least 15 or 16 policies that our clients would otherwise need to draft themselves.
This saves approximately seven full days of writing, including:
Meet the PCI DSS requirements
The PCI DSS Documentation Toolkit offers a shortcut through the Standard’s documentation requirements, with extra features to streamline your compliance programme.
| Features | This will help you to |
| --- | --- |
| PCI DSS Gap Analysis | Assess the current state of your PCI compliance. The first step of your compliance project should be to determine the extent of the work you need to carry out. The gap analysis tool breaks each of the 12 PCI DSS requirements into its component clauses, providing guidance notes and testing procedures for each, as well as listing which SAQ (self-assessment questionnaire) they are present in. Once the requirements have been met, you can then select the relevant SAQ and see how close you are to achieving compliance. |
| PCI Document Analysis Tool | Determine which documents you need to complete. The Document Analysis Tool makes it easy to see whether all the documentation required by the PCI DSS is in place in your organisation. It lists the documents from the toolkit that apply to each PCI DSS requirement, as well as which SAQs the requirements apply to. Once you have selected which documents you have, you can select your SAQ type to see an overview of how complete your documentation is, sorted by priority. |
| PCI documentation templates | Complete the required policies to the right level of detail. The toolkit provides you with customisable templates for all the documentation required by the Standard, including: |
| ISO 27001 clause mapping | Learn how to integrate the PCI DSS and ISO 27001. The toolkit maps the PCI DSS’s requirements to the relevant clauses in the information security management standard ISO 27001. It can help you establish the foundations of an ISO 27001-compliant ISMS (information security management system), and can be fully integrated with our ISO 27001 Toolkit. |