Please feel free to use this “compliance dashboard” spreadsheet to support your PCI gap analysis exercise. It encompasses:
- All PCI DSS requirements grouped by section
- Guidance associated with each requirement (New)
- The major observation points from the 2011 Verizon PCI Compliance report for each requirement
- The PCI Glossary (New)
- The participants (actors) list
- The list of merchant types
- The compensating controls documentation sheet (New)
- The Validation Instructions for QSA/ISA for each requirement
- Indication of "relevance" by merchant types (A, B, C, C-VT, D). "1" indicates that the requirement is relevant.
- Priority level or milestones from the “prioritized approach” (1-6)
- A column "In Place" (Yes/No/Not sure)
- A column "Stage of implementation (if not in place)"
- A column "Estimated date for completion"
- A column "Proofs/Documentation/Comment"
- A column "Remediation plan" (what must be done)
- A column "Owner" (the individual or department in charge)
Link to the PCI Compliance Dashboard