Does Your PCI DSS Compliance Program Include a Charter?

The Payment Card Industry (PCI) Data Security Standard (DSS) requires merchants and service providers to define roles and responsibilities for maintaining PCI DSS compliance. A PCI Charter, required for service providers¹ and designated entities², is a great method for building PCI DSS requirements into Business-as-Usual (BAU) activities and an existing Information Security Policy and program.

If your organization is building out or revamping its PCI DSS compliance program, download these free PCI Compliance Program charter templates to use as a starting point.

¹ Service providers are either (1) entities directly involved in the processing, storage, or transmission of cardholder data on behalf of another entity or (2) entities that provide services that control or could impact the security of cardholder data.

² Designated entities are those determined by an acquirer (merchant bank) or payment brand as an organization that requires additional validation to existing PCI DSS requirements.

© 2022