
  PCI Documentation Toolkit

Documentation (in the form of policies and supporting forms) is an integral part of a Payment Card Industry Data Security Standard (PCI DSS) compliance programme. Compiling these policies can be a time-consuming and challenging task. Documentation must support all applicable PCI requirements and provide practical operational guidelines for anyone working with payment card data.


Saves you hours of work and expensive consultancy fees

The IT Governance PCI DSS Documentation Toolkit provides you with all the policies, procedures and work instructions you need to achieve compliance with the Standard. Containing an extensive list of policies appropriate for the PCI DSS, it can save you hours of work and expensive consultancy fees.

The toolkit also includes a set of project management tools, including:

  • Roles and responsibilities matrix
  • Document checker
  • Gap analysis tool
  • Scoping guide and several other resources

All the templates have been designed from a PCI audit perspective by an authorized PCI Qualified Security Assessor (QSA), and can easily be customised.

On average, 50% of our policies are used on every engagement, which equates to 15/16 policies that the client would otherwise need to draft. This saves approximately seven full days of writing, with hurdles such as meeting requirements, information gathering, validation checks and approval.

Our toolkit offers a shortcut through the documentation, with extra features to streamline the rest of the process.


PCI DSS Gap Analysis

Assess your current PCI compliance posture.

Our customers buy the toolkit because they want to carry out the project themselves, reducing associated costs. To help with this process, we provide a gap analysis tool, which will help organizations to set the perimeter and identify the scope of the project.

  • Create a snapshot of PCI DSS compliance to identify areas requiring immediate attention.

PCI Document Checker

Determine which documents must be completed.

The outputs of your gap analysis will help to inform the steps you take to make sure you start your project in the right direction. Use the Document Checker included in the toolkit to filter the outputs of your gap analysis and identify which policies and clauses you need to address.

  • Make it easy to see if all the required documentation to meet the PCI DSS is in place.

PCI Documentation

Complete the required policies to the right level of detail.

The toolkit provides you with all the documentation required by the Standard. Our comprehensive collection of policies and guides helps you to state how your organisation manages its credit card processing network.

  • Clearly state the tasks and responsibilities your company has when handling payment card data.

ISO Clause Mapping

Learn how to integrate the Standard with an ISO 27001 information security management system (ISMS).

The toolkit can also help establish the foundations of an ISMS, and can be fully integrated with our ISO 27001 ISMS Documentation Toolkit.

  • Create the foundation for an ISMS.


Pre-written by a QSA to save the cost of engaging a QSA for a day.

Comprehensive approach to meeting the PCI’s document requirements.

Accelerates your PCI DSS compliance project.

Avoids costly, credibility-destroying trial-and-error methods.

Pre-written model policies account for all the key issues in PCI DSS v3.2 compliance.

Immediate download so you can take advantage of its contents at once.


Why not take a peek?

Our toolkit has been successfully deployed and is operational with clients all over the world. Download a free trial to view a full list of the documents you will receive in your toolkit, and see what the documents look like.