How does PCI DSS compare to ISO 27001?
PCI DSS is free to download and considerably shorter than ISO 27001 (17 pages versus 44). Much of the content of the two standards overlaps, so compliance with ISO 27001 is a big step towards compliance with PCI DSS as well. There are, however, several areas where PCI DSS is considerably more specific and lays down a number of clearly defined requirements, whereas the ISO 27000 standards set the stage for a more risk-based security implementation.
Who should use it?
All organisations that process, store or transmit payment card data (credit and debit cards) should comply with PCI DSS. According to the standard, this includes organisations that have contracted a service provider to handle, for example, online payments in a webshop. An organisation that does not comply with PCI DSS risks losing the ability to accept payment by, among others, Visa and Mastercard. Outsourcing card handling can take some of the PCI DSS requirements out of scope, although the organisation remains responsible for ensuring that the service provider it uses is itself compliant.
What does Neupart recommend?
Organisations that process, store or transmit payment card data can draw on PCI DSS's concrete security rules, and many of the requirements make sense to adopt in a slightly adapted form. As with all standards, however, the effort must be proportionate to the organisation: full compliance is a considerable undertaking.
Where can I find the standard?
The standard is published by the PCI Security Standards Council.