We are pleased to announce that Version 4 of the CertiKit PCI DSS Toolkit is now available. All customers currently within support will receive this update free of charge as part of their subscription. When we create a new version of one of our toolkits, we draw on customer feedback, discussions with partners working at the sharp end of PCI DSS compliance, and our own experience of using the toolkit to keep cardholder data safe here at CertiKit.
This revision contains more than 50 policies, procedures, controls, checklists, tools, presentations, examples and other useful documents. New documents include an information security policy and a compliance program charter, both written specifically for PCI DSS.
To fulfil requirement 12.1 of the PCI DSS, organizations must establish, publish, maintain and disseminate a security policy that sets out a roadmap for implementing the security measures that protect cardholder data (CHD). All personnel should be aware of this document so that they understand the sensitivity of the data and their responsibilities for protecting it. In previous versions of the Toolkit, the approach was to treat several individual policies, listed below, as collectively forming the information security policy, rather than providing a single overarching document in addition to those policies:
However, following feedback from several customers, we have decided to create an overarching information security policy document that references all of the above documents. This gives internal personnel, assessors and auditors a single starting point from which to establish the information security framework and understand how the organization protects its data.
Applicable only to service providers, an additional requirement for compliance (requirement 12.4.1) is that executive management define a charter for the PCI DSS compliance program. This charter sets out how the compliance program is organized, who is accountable for it, and how it is communicated to executive management. Areas covered by the PCI DSS charter are:
This new document will help service providers to fast-track their documentation requirements for defining a comprehensive PCI DSS compliance program.
In May 2018 the PCI Security Standards Council (PCI SSC) published PCI DSS Version 3.2.1. This release contained only minor revisions, including the removal of notes referring to the 30 June 2018 deadline for migrating away from SSL and early TLS, as that date has now passed. Here at CertiKit, we continually review our PCI DSS Toolkit to ensure it is in line with the latest version of the standard.
We have also listened to feedback from some of our customers about our policies and made the language in some of them stronger, for example by using "must" rather than "should" where a control is mandatory.
Finally, we have updated the Implementation Guide to reflect these changes and amended all existing documents to cross-reference the new ones included in this version, so that the documents link together consistently and are easy to navigate.
This update is part of our schedule of regular maintenance and enhancement aimed at making our toolkits as useful to the customer as we can. As always, we’d like to thank everyone who has contributed to the improvements in this release. Feedback is very important to us so please keep it coming!
The CertiKit Team