PCI DSS Policy and Documentation

A common weakness in organisations seeking PCI DSS compliance without dedicated in-house skills is creating and maintaining a PCI DSS Policy and Documentation set.

Whilst an organisation may perform certain activities required for secure operation of the payment environment, without a written policy and process for individuals to follow, there is no way to validate that correct actions are performed, or the right controls are in place.

With our vast experience of previous PCI DSS Compliance Programmes, JAW Consulting UK have developed a comprehensive suite of customisable PCI DSS Policies, Standards, Procedures, Processes and supporting documentation to comply with the latest version of the PCI DSS.

Our team will deliver a customised PCI DSS Policy and Documentation set, embed it within your team, and establish a process to manage it on an ongoing basis. This provides an efficient and cost-effective way to meet Requirement 12 of the PCI DSS, whilst maintaining a proactive and continuous compliance approach to PCI DSS.

Fast Track Your PCI DSS Compliance

Request an initial PCI DSS Compliance Program consultation.



Our consultants will work with all areas of the business to establish the current level of documentation in place. Once this is understood, we will analyse the work required either to update the current documentation or to create missing documentation utilising our PCI DSS Policy and Documentation Suite.

Our consultants will then update or customise the required documentation and work with the relevant business units to socialise and fully integrate it into the operational teams, providing ownership and management. Finally, we will deliver a process and tool to track and manage the periodic PCI DSS tasks required to maintain compliance throughout the year.

Key Benefits

  • Fully compliant PCI DSS Policy and Documentation set, meeting the latest version of the PCI DSS
  • Reduced time and cost to implement
  • Effective integration into Business as Usual (BAU) activity
  • A comprehensive process for embedding the documentation and integrating it into day-to-day (BAU) activities
  • Enables tracking and management of the periodic PCI DSS tasks required to demonstrate continuous compliance (e.g. quarterly scans, six-month firewall reviews, annual penetration testing, etc.)

Our Methodology

Stage 1: Pre-Assessment Phase (Off Site)

  • Meeting with key staff members
  • Establish and review the current documentation in place

Stage 2: Reporting Phase

  • Preparation of Executive Summary Report
  • Presentation of findings and strategic recommendations

Stage 3: Implementation Phase

  • Update and/or create a set of documentation that complies with the current PCI DSS
  • Create a process to manage the periodic tasks in the PCI DSS
  • Run a number of socialisation workshops or one-on-one sessions to fully integrate the documentation into Business As Usual (BAU)


  • Total: Determined during initial consultation
  • Onsite: As Above
  • Remote: As Above


  • Executive Summary Report – details the work required to update or create the documentation required to comply with the current version of the PCI DSS.
  • PCI DSS Documentation Set including Standards, Procedures, Processes and supporting documentation – a complete documentation set complying with the latest version of the PCI DSS.
  • PCI DSS Continuous Compliance Task Tracker – a method for addressing and recording the periodic tasks required to demonstrate compliance with the standard throughout the year. It also builds a body of evidence for an audit.
  • PCI DSS Documentation Handover Workshops – a number of workshops or one-on-one sessions to integrate the documentation into BAU activity.

Speak with our team today to explore where we can support your goal of achieving PCI DSS Compliant Policies and Documentation.

Optional Related Services