[Flowchart: PCI DSS compliance programme process. The diagram did not survive extraction; only its step and decision labels are recoverable.]
Steps: Read the PCI DSS Standard; Map the end-to-end data flow; Identify Third Parties; Define Environment; Start Gap Analysis / Funding; Produce Initial Project Plan / milestones; Gap Analysis; Appoint QSA (recommended); Notify Barclaycard of milestones & QSA Appointment (all in-house); Provide Barclaycard with Project / Remediation Plan; Remediate; Use recommended prioritised steps.
Decisions: Is the cardholder data infrastructure connected to the internet? Network scans required? ASV scan passed? (NO: Remediate). 3rd parties exist? (YES: Check all 3rd parties' contracts; Check Visa / MasterCard for 3rd party accreditation). 3rd party accredited? (YES: Compliant 3rd parties to implement solution, or Merchant to implement compliant solution; NO: Merchant to select alternative compliant 3rd party).
Barclaycard recommend that the following prioritisation checklist be used by merchants to help them with their compliance programme planning activity:
1. Undertake an initial evaluation of the anticipated impacts of PCI DSS on the merchant and its third parties
3. Train resources on PCI DSS (Free Webinars are available from MasterCard)
7. Secure application
9. Protect remaining cardholder data (PAN and expiry date) through encryption or masking
Share your plans with Barclaycard, and any actions taken and issues being faced.
Visual Status Matrix for PCI DSS Compliance