NDB offers the following PCI DSS compliance checklist for Texas merchants and service providers – a comprehensive overview of what it takes to become compliant with the Payment Card Industry Data Security Standard (PCI DSS).
1. Understand what PCI DSS is. Ask ten different businesses in Texas what PCI is and what’s needed to become compliant and you’ll more than likely get ten different answers. That’s because everyone interprets the Payment Card Industry Data Security Standard (PCI DSS) differently. The point is that you need to truly understand the technical requirements of PCI DSS, what it takes to become compliant, the actual validation and reporting process you will undertake, and many other important considerations.
Visiting the official PCI website at pcisecuritystandards.org is a great place to start, as the Payment Card Industry Security Standards Council (PCI SSC) is the body that publishes and maintains the PCI DSS. From downloading the current standard, the Self-Assessment Questionnaires and the attestation forms to learning key terms (cardholder data, cardholder data environment, system components, segmentation), you’ll find the information needed to gain a strong working knowledge of the PCI DSS framework.
2. Learn about the reporting requirements. Luckily, the vast majority of Texas businesses – both merchants and service providers – can validate PCI DSS compliance annually via one of the PCI DSS Self-Assessment Questionnaires (SAQ), from SAQ A to SAQ D. Which SAQ applies depends on how you accept and handle card data (for example, fully outsourced e-commerce versus standalone payment terminals versus in-house processing), and your merchant level is assigned by the card brands and your acquiring bank based on annual transaction volume. A select few businesses will instead have to undergo an annual Level 1 onsite assessment performed by a Payment Card Industry Qualified Security Assessor (PCI QSA), which results in a Report on Compliance (ROC). Here’s what you need to know at a high level about PCI DSS reporting:
- The vast majority of merchants will fall into the Level 2 – 4 categories, meaning you can validate with the appropriate SAQ. While that spares you the much-dreaded Level 1 onsite assessment by a PCI QSA, there’s still real work to be done in terms of evidence gathering and compliance: the SAQ is a self-attestation, but every “yes” answer must be backed by controls that are actually in place, and most SAQ types also require quarterly external vulnerability scans by an Approved Scanning Vendor (ASV). Just because it says “SAQ” doesn’t mean it’s a walk in the park – hardly. In fact, a large number of Texas merchants and service providers needing to become PCI DSS compliant fall victim to the false assumption that they can complete the SAQ on their own with little preparation. You need help, and NDB is here to assist in getting you compliant in an efficient, cost-effective, and scalable manner. Contact us today to learn more.
- Documentation is often the biggest, most challenging, and most time-consuming hurdle to overcome in terms of PCI DSS compliance. That’s why NDB offers industry-leading tools, templates, and other supporting documents for Texas businesses.
- Maintaining compliance long after your initial PCI DSS SAQ is completed is mandatory. Compliance isn’t a start-and-stop exercise; it’s about putting controls in place and continuously monitoring that they keep operating as intended. NDB offers continuous monitoring services for Texas merchants and service providers for PCI DSS compliance, as well as for any of today’s other demanding regulations.
3. Are you a merchant or a service provider? You will need to determine this up front, as it changes which validation documents apply to you (merchants choose from SAQ A through SAQ D, while service providers validate with SAQ D for Service Providers or a QSA-led ROC) and can make a big difference in the scope of your assessment.
4. Begin with a scoping & readiness assessment. This is one of the most fundamentally important things that can be done to ensure PCI DSS compliance is a smooth and efficient process. Scoping means identifying every location where cardholder data is stored, processed, or transmitted, every system component connected to or able to affect those systems, and whether network segmentation can be used to reduce the size of the cardholder data environment. NDB offers fixed-fee PCI Scoping & Readiness assessments.
5. Remediate all gaps and issues. One of the most demanding and time-consuming aspects of becoming – and staying – PCI DSS compliant for Texas businesses is remediating gaps and deficiencies within your control environment. Specifically, security tools and solutions often have to be acquired, system configuration changes have to be made, and documentation (i.e., information security policies and procedures) has to be developed and implemented. This can be an exhausting exercise, but NDB can assist, as we offer a wide range of remediation services and solutions for helping Texas businesses become – and stay – PCI DSS compliant.
6. Obtain critical PCI policies and procedures templates. Documentation is essential for becoming PCI DSS compliant, especially when it comes to the various policies and procedures you’ll need to develop. Think access control policies and procedures, incident response policies and procedures, change management and change control policies and procedures.
These are just a few of the almost fifty (50) different policies and procedures you’ll need to have in place for PCI DSS compliance. NDB can help, as we’re experts in authoring information security documents.
7. Perform essential security awareness training. This is a strict requirement of PCI DSS (Requirement 12 covers security awareness for all personnel), so keep this in mind.
8. Undertake an annual risk assessment process. Again, another strict requirement of PCI DSS under Requirement 12. NDB can assist, as we offer a risk assessment program template that is complimentary to our clients.
9. Determine any third-party applicability for PCI DSS compliance. If other organizations have access to your environment or to cardholder data, then you will need to conduct additional due-diligence measures on them: maintain a list of these service providers, obtain written agreements acknowledging their responsibility for the security of cardholder data, and monitor their PCI DSS compliance status at least annually, as set out in Requirement 12.8.
10. Engage in “Continuous Monitoring”. You will need to monitor your controls throughout the year, not just at assessment time. NDB can assist in developing a continuous monitoring program.
Contact us today at 512-522-4943 (Austin), 214-272-0967 (Dallas), or 713-331-5492 (Houston) to learn more about NDB’s services, discuss your PCI DSS needs, and receive a fixed-fee quote.