Representatives of banks, retail chains, travel companies and other enterprises regularly approach our company asking for help with PCI DSS certification. Naturally, our clients have a lot of different questions.
Our lead specialists have therefore put together a step-by-step guide, so that any client can see exactly what their company needs to do in order to obtain the PCI DSS certificate.
It can’t hurt to recall once again what the PCI DSS standard is and why it is needed.
The PCI DSS standard is a set of security requirements for cardholder data that is stored, processed and transmitted within an organization's information infrastructure.
The Payment Card Industry Data Security Standard (PCI DSS) was developed by the Payment Card Industry Security Standards Council (PCI SSC), which was established by the international payment systems Visa, MasterCard, American Express, JCB and Discover.
The primary objectives of the PCI DSS standard are to secure the network infrastructure and to protect cardholder data. Attackers target this data in order to steal funds, which is why the standard focuses on the confidentiality of card data.
The PCI DSS requirements apply to merchants, banks, service providers of all kinds, retail stores, call centers, payment gateways and any other enterprise or organization that processes, transmits or stores cardholder data.
We have now covered what PCI DSS certification is all about. Next, let's determine the specific steps you need to take towards certification.
Step 1 – Questionnaire:
First, you need to fill in the questionnaire used to select and evaluate the certification procedure. It helps our specialists understand exactly what you need and determine the cost of certification.
All our customers want to know the cost and timescales of certification.
Completing the questionnaire is the first and a very important step: it makes it much easier to estimate the timescales and cost needed to successfully complete PCI DSS certification.
Where do I get this questionnaire and how do I fill it in?
You can receive the questionnaire by e-mail and put any questions to our experts.
If you cannot complete the questionnaire over the phone, our consultant will come to your office, clarify all the details and point out any pitfalls.
The consultant's visit to your office is free of charge. Our company does everything it can to save you money and time.
The outcome of the first step is the selected PCI DSS certification procedure, the final price, and the stages and timescales.
Step 2 – Agreement:
To undergo certification against the PCI DSS requirements, your company must sign an Agreement with the IT-specialist company.
After signing the Agreement, you make a prepayment of 50% of the total amount to the IT-specialist company's account.
Step 3 – Technical analysis:
Our specialists and technical experts carry out a preliminary technical analysis.
What does that mean?
It includes many different activities. Let's go through them in more detail:
– As part of the technical analysis, the existing technical and policy documents, which the PCI DSS standard requires to be in place, are reviewed and analyzed. Documents are handled in both paper and electronic form.
– Individual interviews are conducted with your company's technical specialists, system administrators and software developers, in order to establish all the technical details and to analyze how far your company meets each PCI DSS requirement.
– The premises, technical equipment and payment card processing are inspected.
– Your company's information system security is assessed using software and hardware tools, including specialized vulnerability scanners.
Not every company needs this assessment; whether yours does is determined when the questionnaire is completed.
As a result, you receive a detailed report listing the non-compliances with the PCI DSS requirements, together with recommendations for remediating them.
Step 4 – Interim adjustment:
All non-compliances noted in the report are remediated, in close coordination between your specialists and ours. A flexible joint schedule is drawn up for convenience.
Step 5 – Certified audit:
This stage is the final check, or certification audit: a conclusive verification of compliance with all the PCI DSS requirements.
Based on the results, your company receives a detailed electronic report and a certificate confirming compliance with all the PCI DSS requirements.
Step 6 – Payment:
Your PCI DSS certificate is officially registered by an authorized auditor, and your company pays the remaining 50% of the total amount specified in the Agreement.
Step 7 – PCI DSS certificate issuing:
You receive the PCI DSS certificate of compliance in paper form, with ink stamps and signatures. You can collect it at the IT-specialist company office, or it can be sent to your office by courier.
Step 8 – Further cooperation:
Your PCI DSS certificate is valid for 12 months. After 10 months, i.e. 2 months before the expiry date, you need to contact us to renew it for the next year. On renewal the procedure is simplified and the cost of our services is significantly reduced.
These are the basic steps you need to take towards PCI DSS certification.
Let's list once again all eight steps needed to complete PCI DSS certification:
Step 1 – Questionnaire;
Step 2 – Agreement;
Step 3 – Technical analysis;
Step 4 – Interim adjustment;
Step 5 – Certified audit;
Step 6 – Payment;
Step 7 – PCI DSS certificate issuing;
Step 8 – Further cooperation.