ITG-137:2011

The objective of this revised practical guide is to give entities advice and tips on the entire PCI implementation process. It provides a roadmap, helping entities to navigate the broad, and sometimes confusing, PCI DSS v2, and shows them how to build and maintain a sustainable PCI compliance programme. This latest revision also includes increased guidance on how to ensure your compliance programme is ‘sustainable’ and has been based on real-life scenarios, which should help to ensure your PCI compliance programme remains compliant. Although the guide starts with sections on why and what is PCI, it is not intended to replace the ‘publicly available’ PCI information. This book looks to serve those who have been given the responsibility of PCI, and does not attempt to provide all the answers. It should be read, absorbed and digested only with a good helping of other PCI ‘publicly available’ information. In other words, it will help an organisation or individual, get started, and hopefully furnish the reader with enough of the fundamental basics to create, design and build the organisation’s own PCI compliance framework.