
About PCI DSS (Payment Card Industry Data Security Standard)

What is PCI DSS?

  • The Payment Card Industry (PCI) Data Security Standard (DSS) represents a set of fundamental security requirements, industry tools and measurements that address the handling of sensitive (i.e., cardholder) information.
  • It applies to credit and debit cards.
  • The PCI DSS is comprised of six control objectives and twelve primary requirements. The six control objectives are:
    • Build and Maintain a Secure Network
    • Protect Cardholder Data
    • Maintain a Vulnerability Management Program
    • Implement Strong Access Control Measures
    • Regularly Monitor and Test Networks
    • Maintain an Information Security Program

How does Deloitte relate to PCI DSS?

Our Security and Privacy practice has, through engagements with a range of clients in a variety of sectors, built up a wealth of knowledge on the standard, how it needs to be applied and how to maximise benefit whilst minimising impact. We feel the following have been important contributors to our success in assisting our clients with their PCI DSS programmes:

  • Breadth and depth of skills – We have a large pool of resources with a broad and deep set of skills allowing us to address all of the issues presented by a PCI DSS compliance programme
  • Practical implementation experience – We are experienced in delivering complex security remediation programmes which involve people, process and technology change
  • Rigorous programme management skills – We are able to leverage the substantial programme management experience and expertise that we have within Deloitte
  • Collaborative approach to delivery – We believe that working closely with our clients and their partners is very important to the success of any PCI DSS programme

PCI DSS Certifications: