CISS has recently integrated the latest version of PCI DSS, 3.2, into its framework! Using the CISS PCI template is now simpler than ever! Read more about audit and testing for PCI DSS!
What is PCI DSS Compliance?
Every company that deals with payment card transactions must comply with the Payment Card Industry Data Security Standard (PCI DSS). This is a set of requirements and rules created specifically to place controls around cardholder information. The standard ensures protection and stability when paying with credit cards and guards your company against credit card fraud.
PCI DSS covers a wide range of security requirements that go beyond the use of intrusion protection systems, firewalls, antivirus software, and so on. Understanding the responsibilities, duties, and requirements that apply to the retailer or merchant can sometimes seem confusing, complicated, and expensive, and this is considered the biggest disadvantage of the data security standard. However, according to experts and professionals in this area, it does not have to be this way. You need to find a way to approach the standard without complicating things or confusing the requirements. You need to find a way to take advantage of the benefits of the Payment Card Industry Data Security Standard, which include protecting corporate brand and reputation, a more secure network, protection against network attacks and data breaches, and so on.
A Short Introduction to CISS PCI
Now you can build your PCI audit based on your scope by choosing one or more PCI areas or requirements. CISS has integrated the latest version of PCI DSS, 3.2, into the CISS framework on the Nimonik platform. With this integration, performing and reporting PCI testing and audits using the CISS PCI template is said to be easier than ever.
About the CISS Framework
The CISS plan includes these templates:
- The Information Security Template (this template captures 169 different controls which are outlined in the ISO 27001 and ISO 27002 standards). The Information Security Template is enhanced by operational controls such as COBIT, ITIL, SOX, GxP, governance controls, information security controls, and IT-related company-level controls.
- ISO 27001 – The Standard 2013
- PCI DSS (the newest version, 3.2) – it includes 464 different controls
Each control includes a detailed description and information. For additional information, you can check the official CISS website.