Foreword – PCI DSS: A Practical Guide to implementing and maintaining compliance, Third Edition


The objective of this (revised 2011) practical guide is to give entities practical advice and tips on the entire Payment Card Industry (PCI) implementation process. It provides a roadmap, helping entities to navigate the broad and sometimes confusing Payment Card Industry Data Security Standard (PCI DSS) v2 and shows them how to build and maintain a sustainable PCI compliance programme.

This latest revision also includes increased guidance on how to ensure your compliance programme is ‘sustainable’ (see Chapter 9). This guidance is based on real-life scenarios and should help to ensure your PCI compliance programme remains compliant over time.

Although the guide starts with sections on why PCI exists and what it is, it is not intended to replace the ‘publicly available’ PCI information. Rather, it is designed to provide additional, practical guidance to support IT directors, project managers, executives and IT security officers who have been tasked with ensuring PCI compliance within their entity.

So, this book looks to serve those who have been given responsibility for PCI; it does not attempt to provide all the answers. It should be read, absorbed and digested only together with a good helping of other good, ‘publicly available’ PCI information. (Please refer to for more information.) In other words – it will help an entity get started and, hopefully, furnish the reader with enough of the fundamental basics to create, design and build a comprehensive PCI compliance framework that maintains and demonstrates compliance well into the future.