Payment Card Industry Data Security Standard Compliance Planning Guide

Published: May 1, 2007   |   Updated: October 2, 2009


What’s New

The Payment Card Industry Data Security Standard Compliance Planning Guide is an update of the first version of this guide. The guide is designed to help organizations meet Payment Card Industry Data Security Standard (PCI DSS) requirements.

Download This Solution Accelerator

Download the Payment Card Industry Data Security Standard Compliance Planning Guide.

About This Solution Accelerator

The PCI DSS Compliance Planning Guide is designed to help organizations address the requirements of version 1.2 of this standard using Microsoft products and technologies.

This guide is intended to extend the IT Compliance Management Guide, which introduces a framework–based approach to creating IT controls as part of your organization’s efforts to comply with multiple regulations and standards. The IT Compliance Management Guide also provides configuration and operation guidance for Microsoft products and technology solutions that you can use to implement IT controls to help address PCI DSS requirements, and many other regulatory obligations.

Included in the Download

This download includes:

PCI DSS Compliance Planning Guide.docx

In More Detail

If your organization processes, stores, or transmits payment cardholder information associated with American Express, Discover Financial Services, JCB International, MasterCard Worldwide, or Visa Inc. International, it must comply with the Payment Card Industry Data Security Standard (PCI DSS). The requirements defined in this standard, which were developed by the PCI Security Standards Council, are designed to establish the minimum acceptable level of security for cardholders who use your organization’s services.

Achieving compliance with PCI DSS can be challenging, and can significantly affect your organization’s business processes, service architecture, and technology solutions. For example, to establish a fully functional, documented, and enforced PCI DSS compliance strategy, it is important to centrally coordinate compliance efforts across your organization. Guidance that can help your organization with these efforts is available in the Governance, Risk, and Compliance (GRC) Service Management Function, as well as in other service management functions (SMFs) in Microsoft Operations Framework (MOF) 4.0. Organizations must also consider which GRC authority documents apply to them, and how overlaps in control objectives can be addressed as efficiently as possible. Complying with multiple sets of regulations will likely require additional research to determine whether there are overlapping requirements that mandate a separate set of controls. Such complexities can make it difficult to understand how to respond appropriately to different regulatory requirements, and how to do so in a cost-effective manner.

The Payment Card Industry Data Security Standard Compliance Planning Guide is designed to help individuals who are responsible for addressing PCI DSS requirements in their organizations. The purpose of this guide is to help IT managers understand how they can start to address many of the IT control requirements that apply to their organizations, including PCI DSS compliance requirements. The guide also provides information about technology solutions that can help you facilitate this process.

For a broader discussion about how to comply with multiple regulatory standards, see the IT Compliance Management Guide.

Related Resources

Community and Feedback

Join the Compliance Management Forum to participate in discussions and collaborate on GRC-related compliance management issues with your peers.

Subscribe to the Regulatory Compliance Blog to discuss current issues related to GRC at Microsoft.

If your organization has used a Solution Accelerator, please share your experience with us by completing this short survey (less than 10 minutes).

About Solution Accelerators

Solution Accelerators are authoritative resources that help IT pros plan, deliver, operate, and manage IT systems that address real-world scenarios. Solution Accelerators provide free, prescriptive guidance and automation to accelerate cross-product integration, core infrastructure development, and other enhancements.

Sign up to receive the Solution Accelerator Notifications newsletter so that you can stay informed about new Solution Accelerator releases and updates. The newsletter covers such areas of interest as:

  • Communication and collaboration
  • Security, data protection, and recovery
  • Deployment
  • Operations and management

Download This Accelerator

Download the Payment Card Industry Data Security Standard Compliance Planning Guide now.