PCI DSS Process
- You or your Acquiring Institution registers your organization in SPIguard's Online Compliance Manager (OCM); SPIguard
then contacts you with access information and program details. The type of program your organization participates
in, along with its associated fee structure, is based upon your particular type of business and the number of credit card
transactions you process monthly.
- An authorized representative of your firm logs in to SPIguard's online Electronic Compliance Manager and enters your
corporate profile information.
- The self-assessment questionnaire (SAQ) must be completed within 15 days (special conditions may apply) of receiving your
access information from SPIguard.
- When your self-assessment is complete, a compliance report is generated and provided to both your firm and your Acquiring
Institution. In addition, should your firm not be compliant with PCI DSS standards, a remediation plan and timetable are
presented. SPIguard monitors remediation timelines and assists you to attain PCI DSS compliance.
- For level 1 merchants, SPIguard will co-ordinate an onsite visit to your organization to conduct a PCI compliance review.
Prior to any onsite visit, all policies from your firm that are relevant to PCI compliance must be submitted and will be
reviewed along with your self-assessment and port scan results. Any critical areas of discovery must be remediated prior to
onsite review. Once onsite, a qualified security professional will conduct a PCI assessment. An onsite findings report will be
generated and made available in SPIguard's Electronic Compliance Manager to the participating organization and its acquirer.
Areas of PCI non-compliance are identified and remediation timelines are addressed. Once an organization is PCI compliant, a
certificate of compliance is granted.
- For brick-and-mortar merchants with corporate head offices and multiple outlets, the outlets are required to participate
in the PCI DSS program once the head offices gain PCI compliance. It is the responsibility of the corporate head offices to
notify subject outlet stores and provide compliance information. SPIguard co-ordinates onsite visits (non-Information
Technology) and assists outlets to achieve PCI compliance.
- SPIguard co-ordinates annual re-certification to ensure that your organization maintains PCI compliance.
Copyright © 1994 - 2008 SPIguard Security Solutions Inc.
1-800-811-7811
info@spiguard.com
All rights reserved. Large sections of this site may not be copied without the consent of
SPIguard. All text that is intellectual property is copyrighted. Theft will
result in consequences. Any information from this site may NOT be used or displayed in any
form without prior permission from SPIguard, and such information requires that
appropriate credit be given to this site.