All businesses and organizations that accept credit card payments and store cardholder data are required to comply with the Payment Card Industry Data Security Standard (PCI DSS) requirements. PCI DSS consists of a very structured set of compliance regulations, for which an organization must have appropriate procedures and controls.
Tilly’s, a policyIQ client for the past three years, is a retail clothing and accessory chain specializing in surfwear, skatewear, motocross and other active lifestyle apparel. Tilly’s has been using policyIQ to manage their Sarbanes-Oxley documentation. As a retail business that processes credit card payments, they found themselves in need of a solution to manage their PCI compliance.
Denise Schoeneich, a Resources Consultant currently engaged with Tilly’s, felt that PCI compliance was a natural extension of their existing policyIQ implementation. She started this expansion by creating a new PCI Folder structure in their policyIQ site. She then identified the PCI Requirements that applied to Tilly’s, and created a new Page Template for PCI Requirements. After the structure was in place, she created PCI Requirement Pages and indexed them to the relevant PCI subfolders. (For an even faster implementation, this can now be done through the Import feature!) As a number of Tilly’s existing SOX Controls addressed PCI Requirements, Denise added a new field called PCI Reference to the existing SOX Control Template. By indexing those SOX Controls to the related PCI Requirement Folders and linking them to the related PCI Requirement Pages, she was able to simplify testing and create simple and efficient reporting.
Clients currently using policyIQ for SOX, who must now comply with PCI regulations, would be well served to follow Tilly’s lead and expand their existing policyIQ site to manage their PCI compliance documentation. In fact, consider the expansion possibilities for any compliance regulations that your organization faces!
For more information on the use of policyIQ for PCI compliance or on engaging a Resources consultant to help with the implementation, please contact us at support@policyIQ.com.