All frameworks
PCIv4.0.1

PCI DSS compliance

Protecting cardholder data, end to end.

PCI DSS is the security standard for organisations that store, process or transmit payment-card data. Version 4.0.1 modernises requirements with more flexibility (the customised approach) and a stronger focus on continuous security rather than annual point-in-time checks.

See how it works

The standard

PCI DSS v4.0.1 — Payment Card Industry Data Security Standard

Who needs it

Merchants and service providers of every size that handle cardholder data — with validation scope tied to transaction volume and the way you process payments.

12

Requirements tracked

What it covers

12 requirements

Organised under six goals, from secure networks to access control and monitoring.

Customised approach

v4.0 lets you meet an objective with alternative controls, evidenced accordingly.

Continuous validation

Many requirements are now business-as-usual activities, not annual events.

Scope reduction

Segmentation and tokenisation shrink the cardholder-data environment you must secure.

How Compliance One helps

  • Tracks all 12 requirements with mapped evidence and clear ownership.
  • Supports the customised approach with structured objective-and-evidence records.
  • Schedules the recurring activities v4.0.1 expects so they never slip.
  • Shares network, access and monitoring evidence with your other frameworks.
One control set, many frameworks. Evidence you collect for PCI DSS is automatically reused across the other standards you run — do the work once, prove it everywhere.

Ready to tackle PCI DSS?

See exactly how Compliance One maps PCI DSS to your environment in a 30-minute walkthrough.