Once I become PCI DSS compliant, can I forget about it?
Unfortunately not; the security of cardholder data is a continuous process and should be normal practice for the merchant.
PCI DSS is a bit like an MOT or an insurance policy; the compliance certificate must be renewed every year, which involves completing either an annual on-site security audit or a Self-Assessment Questionnaire (SAQ) and, where applicable, running (and passing) quarterly network scans. Please don't forget that third parties are also required to be PCI DSS compliant.
If the payment processing environment or payment processes change, the compliance requirements should be reviewed immediately. This includes any third parties that are part of the payment processing environment.