By Brandon on Wednesday, 19 June 2019
Category: Uncategorized

PCI DSS Compliance Checklist for Texas Merchants & Businesses | Overview & Guidelines for Certification

NDB offers the following PCI DSS compliance checklist for Texas merchants and services providers – a comprehensive overview for becoming compliant with the Payment Card Industry Data Security Standards (PCI DSS).

1. Understand what PCI DSS is. Ask ten different businesses in Texas what PCI is and what’s needed to become compliant and you’ll more than likely get ten different answers.  That’s because everyone’s interpretation of the Payment Card Industry Data Security Standards (PCI DSS) differs. The point is that you need to truly understand the technical aspects of PCI compliance, what it takes to become compliant, the actual reporting process to undertake, and many other important considerations. 

Visiting the official PCI DSS website at pcisecuritystandards.org is a great place to start, as the Payment Card Industry Security Standards Council (PCI SSSC) is the governing body for the PCI DSS standards. From downloading essential forms to learning about key terms, you’ll find all the information needed to truly gain a strong working knowledge of the PCI DSS framework. 

2. Learn about the reporting requirements. Luckily, the vast majority of Texas businesses – both merchants and service providers – can annually comply with the PCI DSS standards via any number of the PCI DSS Self-Assessment Questionnaires (SAQ), from SAQ-A to SAQ-D. However, there are a select few businesses that will have to perform an annual Level 1 onsite assessment via a Payment Card Industry Qualified Security Assessor (PCI-QSA).  Here’s what you need to know at a high-level about PCI DSS reporting:

3. Are you a merchant or a service provider? You will need to determine this up front, as this can make a big difference in the scope of one's assessment.

4. Begin with a scoping & readiness assessment. This is one of the most fundamentally important things that can be done for ensuring PCI DSS compliance is a smooth and efficient process.  NDB offers fixed-fee PCI Scoping & Readiness assessments.

5. Remediate all gaps and issues. One of the most demanding and time-consuming aspects of becoming – and staying – PCI DSS compliant for Texas businesses is remediating gaps and deficiencies within one’s control environment. Specifically, security tools and solutions often have to be acquired, system configuration changes have to be made, and documentation (i.e., information security policies and procedures) have to be developed and implemented. This “can” be an exhaustive exercise, but NDB can assist as we offer a wide range of remediation services and solutions for helping Texas businesses become – and stay – PCI DSS compliant.

6. Obtain critical PCI policies and procedures templates.  Documentation is essential for becoming PCI DSS compliant, especially when it comes to the various policies and procedures you’ll need to develop. Think access control policies and procedures, incident response policies and procedures, change management and change control policies and procedures. 

These are just a few of the almost fifty (50) different policies and procedures you’ll need to have in place for PCI DSS compliance. NDB can help, as we’re experts in authoring information security documents. 

7. Perform essential security awareness training.  This is a strict requirement for PCI DSS compliance, so keep this in mind.

8. Undertake an annual risk assessment process.  Again, another strict requirement for PCI DSS compliance. NDB can assist, as we offer a risk assessment program template that's complimentary to our clients.

9. Determine any third-party applicability for PCI DSS compliance.  If other organizations have access to your environment, then you will need to conduct additional due-diligence measures on them.

10. Engage in “Continuous Monitoring”. You will need to monitor your controls throughout the year. NDB can assist in developing a continous monitoring program.

Contact us today at 512-522-4943 (Austin), 214-272-0967 (Dallas), or at 713-331-5492 (Houston) to learn more about NDB’s services, or email us at This email address is being protected from spambots. You need JavaScript enabled to view it. to discuss your PCI DSS needs and to receive a fixed-fee quote.