Are you ready for Payment Card Industry Data Security Standard (PCI DSS) 3.0? This questionnaire will help you answer that question by giving you a better understanding of your compliance readiness. It will identify both deficiencies and areas of compliance, and will provide useful information to prepare you for your next annual PCI audit.

Upon completion of the assessment, we'll provide you with a Readiness Score and an opportunity to obtain a detailed report of the results.



1) Do you maintain a written description or diagram of how credit card data flows through your systems that includes any third parties that help maintain your company's network or IT platforms?

Yes
No
Don't Know

2) Do you maintain a list of third parties that are in scope for your PCI audit?

Yes
No
Don't Know

3) Do you maintain an inventory of system components that are in scope for PCI (all hardware, software, etc.)?

Yes
No
Don't Know

4) Do you have clearly defined security roles and responsibilities with all third-party vendors that are in scope for your PCI audit?

Yes
No
Don't Know

5) Does your company have policies and procedures in place to ensure third parties comply with PCI security standards?

Yes
No
Don't Know

6) Does your company have a formal process for evaluating security risks?

Yes
No
Don't Know

7) Has your company had third-party attack and penetration testing performed in the last 12 months by a company using an industry-accepted penetration testing methodology?

Yes
No
Don't Know

8) Are authentication mechanisms such as physical security tokens, smart cards, and certificates linked to an individual account and assigned to an individual employee?

Yes
No
Don't Know

9) Does your company use network segmentation to reduce risk to your PCI environment?

Yes
No
Don't Know

10) Does your company have a process that protects POS devices or detects POS device tampering?

Yes
No
Don't Know