Diagram Your Processes


When you think of PCI DSS, you probably don’t automatically think of drawing diagrams. But diagrams are vital to understanding your scope, understanding your environment, and are two of the PCI requirements that may apply to you. PCI DSS requires three types of diagrams: High-level network diagrams. Detailed network diagrams. Cardholder data flow diagrams. In [...]

Diagram Your Processes2020-03-18T11:54:35+13:00

What’s My PCI Scope?


The word “scope” gets used a lot when you’re talking about PCI DSS. But it is also often misunderstood. This article provides some basic information about scope and how to start understanding what is in-scope for PCI DSS. Who is Responsible for Scoping? Both you and your QSA need to be able to understand the [...]

What’s My PCI Scope?2020-03-18T11:55:01+13:00

What Makes a Change Significant?


One of the most frequent questions we get is what the term “Significant Change” means for PCI. In this article we try to demystify this term a little and help you understand the various ways that the term is used in PCI DSS. What is Significant Change? The PCI SSC says that a significant change [...]

What Makes a Change Significant?2020-03-18T11:56:35+13:00

PCI By the Numbers 2019


Every year, Verizon publishes a report on PCI DSS and the key findings from the year. 2019 was no different. One of the most interesting findings of this report is how few organisations have a programme in place to measure the maturity of the PCI compliance program. Approximately 60% of organisations that were surveyed did [...]

PCI By the Numbers 20192020-03-16T10:02:14+13:00

What is PCI DSS?


Overview The Payment Card Industry Data Security Standard (PCI DSS) is a set of twelve high-level requirements which all merchants and service providers who take card payments or who manage systems that are involved in transactions are required to follow. PCI DSS has high-level requirements and detailed testing requirements that need to be carried out [...]

What is PCI DSS?2020-03-18T12:38:53+13:00

PCI DSS Version 3.2 – Important Deadlines


OVERVIEW In April 2016, Version 3.2 of the Payment Card Industry Data Security Standard (PCI DSS) was released. This new version of the standard contains a number of new requirements which come into full force as of 1 February 2018. This document provides an overview of what is new in Version 3.2, separated by: Clarification of [...]

PCI DSS Version 3.2 – Important Deadlines2020-03-11T12:29:40+13:00