What is PCI?
A company must demonstrate that its cardholder data environment (CDE) complies with the Payment Card Industry Data Security Standard (PCI DSS). The type of audit depends on two points:
- the compliance requirements of the payment brand and
- the level of the merchant/service provider as defined by that brand.
One aspect that management often overlooks is the importance of the documentation. Without it, you risk failing an audit and suffering a severe loss of business when you cannot transact any sales.
When the documentation is complete, it defines how the company complies with PCI regulations.
PCI Documentation, Monitoring and Audit Logs
An auditor will check that the documentation provides evidence of compliance.
The auditor will review your processes, log files, policies and network flow diagrams.
Even a secure company will fail a compliance audit if its Security Policy does not adequately fulfil each of the Standard’s 12 requirements.
You must demonstrate at an audit that you have documented the policies, procedures and supporting processes. Network flow diagrams must be readily available as proof.
Documentation is essential to the success of a PCI project, and it is worth assigning the task to a skilled Technical Author who knows the ropes.
- Be sure to allocate enough financial resources to the writing requirements.
- Make sure you prepare for the documentation early in the project.
- Do not start the documentation when the end of the project is within sight – it will be too late!
- You might need more than one Technical Writer.