
Payment Card Industry Data Security Standard

PCI DSS v4.0.1

PCI DSS is the card brands' security standard for everyone who touches cardholder data — twelve requirements that protect payment data from capture to storage, evidenced by self-assessment or a QSA.

In practice that means scoping your cardholder-data environment, then standing up the twelve requirements — segmentation and firewalls, strong access control, encryption in transit and at rest, logging and monitoring, and a tested incident-response plan — and evidencing them each year through the right SAQ or a QSA's Report on Compliance.

Who must comply: Merchants and service providers that store, process or transmit cardholder data, at any level. Your validation route, an SAQ (A–D) or a full Report on Compliance, depends on how you take payments and your transaction volume.

  • Secure network & systems, strong access control
  • Protect cardholder data — encryption in transit & at rest
  • Logging, monitoring and regular security testing
  • Annual validation — the right SAQ, or a QSA’s ROC
BEST VALUE: COMPLETE BUNDLE
All 6 PCI DSS templates
€199 one-time (was €274, save €75)
  • All 6 editable PCI DSS templates
  • START-HERE guide + inline “what to change” guidance in every file
  • The Currency Stamp — kept current as the rules move
  • 30-day money-back guarantee
Pay once · 30-day money-back · EU VAT handled
Just the essentials? Starter — €99

Does this sound like your PCI DSS project?

Scope decides everything

Get the cardholder-data environment wrong and the whole assessment is wrong — most effort is wasted on systems that should be out of scope.

Evidence a QSA expects

v4.x is evidence-heavy. Knowing exactly what to show, and how to structure it, is half the work.

Customised approach & TRAs

The new customised approach and targeted risk analyses are powerful — and easy to document badly.

SAQ or ROC?

Choosing the route and mapping each requirement to evidence is unclear without a structured starting point.

The shape of the regulation, in plain terms

Req. 1–2

Build & maintain a secure network

Network security controls, and no vendor-supplied defaults for system passwords and other parameters.

Req. 3–4

Protect cardholder data

Protect stored account data, and encrypt cardholder data in transit across open, public networks.

Req. 5–6

Vulnerability management

Protect systems against malware, and develop and maintain secure systems and software.

Req. 7–9

Strong access control

Restrict access on need-to-know, authenticate every user (MFA), and control physical access to data.

Req. 10–11

Monitor & test networks

Log and monitor all access to system components and cardholder data, and test security regularly.

Req. 12

Maintain a security policy

Support information security with an organisation-wide policy and programme for all personnel.

6 professional tools

How it's packaged: workstream-based, organised around the 12 requirements and the evidence a QSA expects.
Pricing

Buy the PCI DSS kit

SINGLE TOOLS: €39–59 each
Best for: one specific gap — buy only what you need
Included:
  • Any of the 6 tools individually
  • Mix and match as you go
Format: Editable Word / Excel
Updates: Re-buy when revised
STARTER (save ~30%): €99 one-time
Best for: getting started fast on the essentials
Included:
  • The core starter templates
Format: Editable Word / Excel
Updates: Kept Current eligible
COMPLETE (save ~30%): €199 one-time (was €274)
Best for: full coverage & consultants serving several clients
Included:
  • All 6 PCI DSS templates
Format: Editable Word / Excel
Updates: Kept Current eligible

Questions, answered plainly

It depends on your level and your acquirer's requirements. The kit supports both the SAQ route and a full Report on Compliance, with the evidence mapped either way.