PCI compliance: 4 steps to properly scope a PCI assessment

Although it might sound straightforward, scoping a PCI assessment can be a challenge even for experienced organizations. Experts offer their best advice for avoiding PCI missteps.

Any organization that accepts, processes, stores or transmits payment cards must show that it is compliant with the Payment Card Industry Data Security Standard (PCI DSS), and to do that, the organization must undergo an annual PCI assessment.

This assessment, or audit, is meant to confirm that the organization meets the PCI DSS security and control requirements.

Although the standards are prescriptive, how they fit into each organization can vary as the people, processes and technologies used to handle payment card data in each organization are unique.

As a result, each organization must scope its PCI assessment to ensure it’s considering all the pieces of its infrastructure and internal structure that handle or can in any way access payment card data.

Gracie Pereira, managing director of cybersecurity and privacy, Accenture
