What is PCI DSS?
Entities that store, process, or transmit cardholder data must comply with PCI DSS (Payment Card Industry Data Security Standard). The standard was created to increase controls around cardholder data and thereby reduce credit card fraud resulting from exposure of that data. The standard focuses on information security policy, cardholder data security, access control, network security and monitoring, and organizational vulnerability management.
The primary purpose of the reports is to provide clients and prospective clients (and their financial statement auditors) with confidence in the effectiveness of controls at an organization, as well as peace of mind in the operations and security of the facilities. The American Institute of Certified Public Accountants (AICPA) has developed these reports to allow organizations that provide services focused on information systems to convey trust and confidence in their service delivery processes and controls.