NL +31 (0)20 4232420 / SP +34 937 379 542
Complying to PCI DSS requires you to have both documented processes and policies in place. Remember: PCI DSS is about People, Processes and Technology. The processes are usually described in policy and process documentation. You have to supply these documents as evidence during an audit. In the rapidly developing world of IT security, we work with you to ensure you have proper documentation to address the growing need to achieve and maintain compliance with the latest version of the PCI Data Security Standard. Our customers have access to our library that contains examples, templates, policy documentation and checklists. In this blog, we have outlined the required documentation for PCI DSS validation.


What Documentation do I need?


To be ahead of the game in your quest to become PCI DSS compliant, we have listed all required documentation per requirement in our PCI DSS documents Checklist, so that you will find it much easier to collect.

It may seem like a daunting list when you have not considered the impact of documentation on your IT and PCI environments. The good news is now you have a list to help you get started when that auditor asks you to provide documentation on these different requirements!

This checklist will help you keep track, from a high-level, the quarterly, semi-annual, and annual requirements outlined in the PCI Data Security Standard. There is a slight difference in the list for Merchants and for Service Providers since the requirements are a bit different for the two. We have starred the requirements for Service Providers.


PCI DSS documents checklist


We provide you with our general list of documents that may be necessary for a PCI DSS audit. Depending on the implementation of the PCI environment and the type of business, this list can be modified.

Want to read more about the requirements of PCI DSS? My colleague Natalia Morando walks you through each requirement in a blog series giving you a detailed view of what to expect and some of the challenges that our clients face or contact our QSAs.