Explore our PCI DSS certification - designed to help you out at whatever stage you are at.
Step 1: Understanding of PCI DSS
PCI DSS provides confidence to stakeholders that payment card data is secure. It makes sure that organizations consider the people, processes and technologies involved in payment card processing systems. Its 12 requirements fall under the following six goals:
- Build and maintain a secure network and systems
- Protect cardholder data
- Maintain a vulnerability management programme
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
Where do I start with PCI DSS?
You need to:
- Download the standard and read it, so that you understand its content, which requirements apply to you and how meeting them will improve your business
- Contact us so we can answer your questions and help with your organization's needs
Step 2: Implementing PCI DSS
Where do I start with implementing PCI DSS? Implementation of a standard like PCI DSS becomes much clearer once you have determined the scope for your organization: the systems, people and processes that store, process or transmit cardholder data, or that could affect the security of that data. This will differ depending on your organization's role in handling payment card data (for example, merchant or service provider). You need to:
- Determine your scope
We can deliver onsite scoping workshops where we work with your organization to understand your role and the different touch points, to help determine your scope. Our PCI DSS training course will provide you with the knowledge and skills to determine your scope, as well as an understanding of the core requirements of PCI DSS, so you can identify the best approach for implementation.
- Ensure your organization understands the principles of PCI DSS and the roles individuals will need to play, and review your activities and processes against the standard.
- Let us facilitate your implementation of the requirements, such as security controls, encryption and patch management*
- Understand how close your PCI DSS programme is to meeting the requirements needed for certification.
- Consider using our Entropy Software to support with implementation.
*Only available to clients who are not ISO/IEC 27001 certified with BSI
Step 3: Certification
There are two routes to demonstrating PCI DSS compliance. If you only require a self-assessment (a Self-Assessment Questionnaire, or SAQ), we can review your questionnaire to ensure it is appropriately completed. We can also work with you to deliver a compliance report.* If you need to gain certification to the standard and undergo a full assessment with a Qualified Security Assessor (QSA), that's where our experienced team can help.
How to get certified to PCI DSS
PCI DSS certification should be hassle-free. You'll be appointed a BSI Client Manager, a trusted expert with industry experience relevant to your business, who can guide you through the process. The steps to PCI DSS certification:
1. PCI DSS gap analysis
An optional service which takes place before your assessment visits. We'll take a closer look at your existing PCI DSS controls and compare them with the requirements of the standard. It's a cost-effective way to check whether there are any areas you need to work on before we carry out a formal assessment.
2. Formal assessment
A two-stage process. First, your BSI Client Manager will review your organization's readiness for assessment by checking whether the necessary PCI DSS procedures and controls have been developed. We will share our findings with you so that, if we find gaps, you can close them. Next, once all the requirements are in place, we'll assess the implementation of the procedures and controls within your organization to make sure they are operating effectively, as required for PCI DSS certification.
3. Certification and beyond
When you achieve certification you'll receive your BSI PCI DSS certificate, which is valid for three years. Your BSI Client Manager will visit you regularly to make sure your system doesn't just remain compliant, but continually improves and adds value to your organization. Bear in mind that PCI DSS compliance itself must be revalidated annually (with quarterly external vulnerability scans where applicable), so these regular visits are part of staying compliant rather than an optional extra.
Celebrate your success
When you achieve PCI DSS certification with us, you’ll be able to show your commitment to managing payment card information securely. It’s a great opportunity to celebrate your achievement, promote your business and show that you’re a trusted organization which could open up new business opportunities.
Plus at BSI, we can combine your PCI DSS audit with ISO/IEC 27001 assessments so you have a consistent approach to your wider information security programme. With aligned visit cycles, you have less disruption and greater efficiency, all from a business partner you can trust. Show your stakeholders that payment card security and protecting information is at the heart of your business.