Skip to main content


The PCI Security Standards Council offers robust and comprehensive standards and supporting materials to enhance payment card data security.  These materials include a framework of specifications, tools, measurements and support resources to help organizations ensure the safe handling of cardholder information at every step. 

For more information concerning PCI DSS, please visit our PCI DSS page.


Per PCI DSS policy:

  • We have to Establish, publish, maintain, and disseminate a security policy.
  • Develop daily operational security procedures that are consistent with PCI DSS requirements.
  • Develop usage policies for critical technologies.
  • Ensure that the security policy and procedures clearly define information security responsibilities for all personnel.
  • Assign to an individual or team the following information security management responsibilities:
    • Establish, document, and distribute security policies and procedures.
    • Monitor and analyze security alerts and information, and distribute to appropriate personnel.
    • Establish, document, and distribute security incident response and escalation procedures to ensure timely and effective handling of all situations.
    • Administer user accounts, including additional, deletions, and modifications.
    • Monitor and control all access to data.
    • Implement a formal security awareness program to make all personnel aware of the importance of cardholder data security
      • Educate personnel upon hire and at least annually.
      • Require personnel to acknowledge at least annually that they have read and understand the security policy and procedures
    • Screen potential personnel prior to hire to minimize risk of attacks from internal sources.
    • If cardholder data is shared with service providers, maintain and implement policies and procedures to manage service providers.
    • Implement an incident response plan.  Be prepared to respond immediately to a system breach.

For more information concerning our payment card policies please visit our payment card policy page.

For more information concerning how to build and maintain your merchant manual please visit our merchant manual page.

To better assist you we have developed a few key things you should do (and also not do!) to ensure you are compliant with PCI standards.  This simple list of Do's and Do Not's should get you started down the path of PCI compliance.


If you would like additional information concerning PCI DSS training, please consult our training section

Reviewed 2019-08-05