PCI DSS - Payment Card Industry - Data Security Standard

Written by Lone Forland | Nov 26, 2023 11:00:00 PM

How does PCI DSS compare to ISO 27001?

PCI DSS is free and considerably shorter than ISO 27001 - 17 pages versus 44. Some of the content in the two standards overlaps, so compliance with ISO 27001 is a significant step towards compliance with PCI DSS. There are, however, several areas where PCI DSS is considerably more specific and sets out a number of clearly defined requirements. In contrast, the ISO 27000 standards set the stage for a more risk-based security implementation.


Who should use it?

All organisations that process, store or transmit debit card information should comply with PCI DSS. According to the standard, an organisation that has entered into a service agreement with a provider of, for example, online transactions for payment in a webshop. Not complying with PCI DSS will result in an organisation losing the ability to receive payments from, among others, Visa and Mastercard. It is possible to outsource some of the PCI DSS requirements.


What do we recommend?

For organisations that handle, store, or transmit debit card information, inspiration can be found in PCI DSS's concrete security rules. It makes sense to adopt many of the requirements in a slightly adapted form. However, as with all standards, the activities must be scoped appropriately. Full compliance can be quite a mouthful.


Where can I find the standard?

The standard is published by the PCI Security Standards Council.


How can we help?

Our GRC platform includes the PCI DSS standard. Book a meeting to learn more.