PCI DSS Expected Evidence Spreadsheet

The evidence items that you should expect the auditors (or a customer) to request from your company.

About PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a security standard for organizations that store or process cardholder data from the major credit card brands such as Visa and Mastercard. Most of the controls center around the processes and procedures related to systems that handle cardholder information.

Merchants that process more than 6 million credit card transactions a year are usually considered to be Level 1 merchants and are required to complete a third party audit annually. Others are required to complete a Self Assessment Questionnaire.