PCI DSS Awareness Survey

PCI DSS v3.0 was released on 7 November 2013 and features changes across all 12 requirements of the standard. This survey is designed to establish how companies are going about achieving compliance with the standard, what challenges they face and how prepared they are for the release of v3.

1. Who is responsible for PCI DSS compliance in your organisation? (more than one can be selected)
- SSC Qualified Information Security Auditor (ISA)
- Information Security Auditor
- PCI DSS Auditor
- Internal Auditor
- PCI DSS/ Information Security Consultant
- Chief Information Security Officer (CISO)
- Head of IT Risk & Compliance
- Infrastructure/ Network Engineer (or similar)
- Systems Architect (or similar)
- Developer
- E-commerce manager
- CIO / CTO
- ISMS Manager
- IT Manager (or similar)
- Qualified Service Assessor
- Quality Assurance Manager
- CRO/ Head of Risk & Compliance (or similar)
- Security & Fraud Manager (or similar)
- Product Manager
- CEO
- CFO
- Nobody has been identified or assigned
- Other (please specify)

2. Are you required to comply with PCI DSS?
- Yes
- No
- Unsure

3. If you are required (or believe you are required) to comply with PCI DSS, tick which one of the following entities your organisation falls in:
- Merchant that uses, stores or processes payment card information
- Service Provider providing solutions to a merchant that can influence the usage, storage and processing of payment card information
- Service provider that can affect the storage, processing or transmission of credit card information
- I do not need to comply with PCI DSS
- Other (please specify)

4. If you are a merchant or service provider required to comply with PCI DSS, were you required to be audited or did you complete a self-assessment?
- Audit (Report of Compliance – ROC)
- Self-Assessment Questionnaire (SAQ)
- Don’t know
- Not applicable

5. If you were required to complete a self-assessment questionnaire (SAQ) as above, which form did you complete?
- A
- B
- C
- C-VT
- D
- P2PE - HW
- Don’t know
- Not applicable

6. If you are required to comply with PCI DSS, how important is maintaining PCI DSS compliance to your organisation?
- Very important
- Somewhat important
- Not important
- I'm not sure whether I should comply
- Not applicable

7. If you are required to comply with PCI DSS, what are the biggest challenges your organisation faces in ensuring continuous, absolute compliance with the standard, if any?
- We are not aware of any challenges that we face in order to achieve compliance
- Lack of understanding of the standard’s requirements and intent
- Lack of resources and skills to ensure optimal compliance
- Lack of budget
- Lack of enforcement – we have not experienced any payment card information breaches
- Not applicable
- Other (please specify)

8. If you are a merchant, what type of controls have you applied, if any, to ensure that your service providers are compliant with PCI DSS?
- Reporting or other form of evidence
- Audits
- Unsure
- Not applicable
- Other (please specify)

9. If you are a service provider, what type of requests from merchants are you getting to provide evidence of PCI DSS compliance?
- Reporting or other form of evidence
- Audits
- Attestation of Compliance
- “Certificate” of Compliance
- Unsure
- Not applicable
- Merchants don't request evidence from us
- Other (please specify)

10. Do you believe that PCI DSS v3.0 will make a difference to the approach you take to tackle PCI DSS compliance?
- Yes, it will make compliance easier
- Yes, it will make compliance more difficult
- No, it won't make any difference
- Don't know about Version 3
- Don't know whether it will make a difference

11. Which of these industries/sectors best describes your organisation?
- QSA Consultancy
- Approved Scanning Vendor
- Service Provider
- PCI DSS Technical Services Provider
- PCI DSS Forensic Investigators
- Retail - merchant
- E-commerce retail
- Food & Beverage / Restaurants
- Hospitality / Casino
- Financial Services/ Insurance
- Non-Profit
- Health and Beauty
- Software/ applications developers/ solutions provider
- Payment gateway / applications solutions provider
- IT Support services/ Hosting / Cloud service provider
- Point-of-sale maintenance service provider
- Adult Entertainment
- Automotive Services
- Marketing solutions & services
- Higher Education
- Entertainment
- Contact Centre
- Insurance
- City Council/ Municipality
- Public Sector
- Energy / Utilities
- Professional Services/ Consultancy
- Manufacturing
- Other Business Services
- Other (please specify)

We'd like to send you the slides from our recent Webinar - ‘PCI DSS Version 3.0: The Changes Explained – Simply’. Please provide your details below:

12. Name
13. Job Title
14. Company
15. Phone Number
16. Email Address