Tilly’s successfully expands policyIQ usage to manage PCI compliance requirements


All businesses and organizations that accept credit card payments and store cardholder data are required to comply with the Payment Card Industry Data Security Standard (PCI DSS) requirements. PCI DSS consists of a very structured set of compliance regulations, for which an organization must have appropriate procedures and controls.

Tilly’s, a policyIQ client for the past three years, is a retail clothing and accessory chain specializing in surfwear, skatewear, motocross and other active lifestyle apparel. Tilly’s has been using policyIQ to manage their Sarbanes-Oxley documentation. As a retail business that processes credit card payments, they found themselves in need of a solution to manage their PCI compliance.

Denise Schoeneich, a Resources Consultant currently engaged with Tilly’s, felt that PCI compliance was a natural extension of their existing policyIQ implementation. She started this expansion by creating a new PCI Folder structure in their policyIQ site. She then identified the PCI Requirements that applied to Tilly’s, and created a new Page Template for PCI Requirements. After the structure was in place, she created PCI Requirement Pages and indexed them to the relevant PCI subfolders. (For an even faster implementation, this can now be done through the Import feature!) As a number of Tilly’s existing SOX Controls addressed PCI Requirements, Denise added a new field called PCI Reference to the existing SOX Control Template. By indexing those SOX Controls to the related PCI Requirement Folders and linking them to the related PCI Requirement Pages, she was able to simplify testing and create simple and efficient reporting.

Clients currently using policyIQ for SOX, who must now comply with PCI regulations, would be well served to follow Tilly’s lead and expand their existing policyIQ site to manage their PCI compliance documentation. In fact, consider the expansion possibilities for any compliance regulations that your organization faces!

For more information on the use of policyIQ for PCI compliance or on engaging a Resources consultant to help with the implementation, please contact us at support@policyIQ.com.

This entry was posted in Customer Success by Stacey Zearott.

About Stacey Zearott

Stacey is the Client Success Manager for policyIQ. She has a very strong background in sales and operations with over 20 years in the communications sales industry. Not only does she bring this knowledge and background to the team, but a love of theatre, fun hair and just the need for a daily dose of laughter.
