What is PCI
An audit of the company’s cardholder data environment (CDE) demonstrates compliance with the Payment Card Industry Data Security Standard (PCI DSS). The type of audit depends on the compliance requirements of the payment brand and the level of the merchant/service provider as defined by that brand. One aspect that management overlooks when a PCI project is in the pipeline is the importance of the Policy and Process documentation (PCI Documentation), which defines how the company complies with PCI regulations.
PCI Documentation, Monitoring and Audit Logs
It is crucial to ensure that your documentation is complete because it provides evidence of compliance. The auditor will review your log files, policies, processes and network flow diagrams.
Even the most secure company will fail a compliance audit if it cannot prove that its Security Policy adequately fulfils each of the Standard’s 12 requirements.
A successful audit depends on being able to demonstrate that you have documented the policies, procedures and supporting processes, and that network flow diagrams are readily available as proof.