Regarding PCI compliance, all entities that store, process or transmit cardholder data are subject to the requirements of the PCI Data Security Standard (PCI DSS). Merchant or Service Provider Level, and how cardholder data is handled normally determine how an entity is required to validate compliance.
Every company should have documented Information Technology policies and procedures to prepare them for regulatory requirements. However most organizations, particularly startup companies, do not have the time or expertise in drafting these very important documents.
In the Verizon Payment Security Report published August 31, 2017, there was an alarming statistic: 44.6% of companies fall out of DSS Compliance within nine months of validation.
2018 is right around the corner, and that means there are some key deadlines approaching that could impact your organization’s PCI DSS compliance status.