New PCI DSS Toolkit Simplifies Compliance
Ely, England (PRWEB) November 24, 2007 -- Achieving compliance with the Payment Card Industry Data Security Standard ('PCI DSS') is a critical business issue for all merchants that accept credit and debit cards. However, many remain unsure about the level of compliance required of their organisation and how best to achieve this. To help explain and simplify the compliance process, IT Governance Limited has launched a new PCI DSS Toolkit.
The PCI DSS must be met by all organisations (merchants) that accept credit and debit cards issued by the major credit card companies. It is a contractual obligation applied and enforced directly by the payment providers, and a failure by a merchant to comply can result in fines, restrictions or other costly repercussions.
The Standard requires merchants and member service providers to adopt various specific measures to ensure data security. These include building and maintaining a secure IT network, protecting cardholder data and maintaining a vulnerability management programme and information security policy. The Standard's compliance requirements are ranked in four levels, and the level of compliance required of a merchant is based upon the volume of payment card transactions it processes annually.
The new PCI DSS Toolkit, which has been developed to work internationally, will support all organisations faced with PCI DSS compliance. It is particularly helpful to merchants required to comply with levels 2 and 3 of the Standard, for whom completion of a self-assessment questionnaire is a requirement, as well as level 4 organisations. It contains a full set of templates for the mandatory PCI DSS policies, as well as a PCI slide presentation and full PCI DSS SAQ completion guidance, a cross-mapping to ISO27001/ISO27002 best practice, and the manual of PCI DSS implementation guidance. It is priced at just £199 and available at www.itgovernance.co.uk/1337.
Alan Calder, chief executive of IT Governance, said, "There is simply no alternative but for merchants to comply with the Payment Card Industry Data Security Standard. However, organisations facing the Standard for the first time are frequently bewildered by its requirements and uncertain of how to meet them. This new Toolkit radically simplifies the compliance process and reduces it to a clear sequence of actions that can be performed efficiently, leaving merchants free to focus on the essential work of serving their customers."
Notes To Editors
The Payment Card Industry Data Security Standard ('PCI DSS') was originally developed by Visa International and MasterCard Worldwide, and endorsed by other payment providers including American Express, Diners Club, JCB and Discover Financial Services. This Standard included the requirements of Visa's Cardholder Information Security Program (CISP) and MasterCard's Site Data Protection (SDP). It is designed to protect payment providers and merchants from identity theft and credit card security breaches.
IT Governance Ltd is a leading authority on data security and IT governance for business and the public sector. It is the world's most comprehensive publisher and distributor of books, tools, information and advice for Governance, Risk Management and Compliance. IT Governance is 'non-geek': it approaches IT issues from a non-technology background and talks to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at www.itgovernance.co.uk.
Alan Calder is an international authority on information security management. He led the world's first successful implementation of BS 7799, the information security management standard upon which ISO 27001 is based, and wrote the definitive compliance guide for this standard, 'IT Governance: A Manager's Guide to Data Security and BS7799/ISO17799'. The 3rd edition of this book is the basis for the UK Open University's postgraduate course on Information Security. He is a consultant to companies including Cisco. He regularly blogs on IT security issues at http://alancalder.blogspot.com/.
###