Once you understand how your company is defined in the SDP Program, you need to familiarize yourself with the four Payment Card Industry (PCI) documents: the PCI Audit Procedures and Reporting, the PCI Security Scanning Procedures, the PCI Self-Assessment Questionnaire, and the PCI Security Standard. Achieving SDP compliance means that you are compliant with the PCI Data Security Standard.
The PCI SSC website: www.pcisecuritystandards.org
There are compliance validation tools you will need to use to successfully fulfill the technical requirements of the PCI Data Security Standard:
- Onsite Assessments
- Self-Assessment Questionnaire
- Network Security Scanning: automated, non-intrusive web scans performed by SDP-compliant vendors. The scans evaluate your web perimeter for known vulnerabilities.
To sum up, the compliance process for Service Providers can be seen as a three-step process:
- Review the relevant PCI documentation, validation tools and procedures
- Engage an approved vendor, as appropriate, and follow the validation procedures
- Once compliant, work with your qualified security assessor to send your Certificate of Validation to MasterCard
