Once I become PCI DSS compliant, can I forget about it?

Unfortunately not. Maintaining the security of cardholder data is a continuous process, which should be part of your day-to-day business operation. PCI DSS is a bit like an MOT – the compliance certificate has to be renewed every year in order to remain valid. This involves completing either an annual on-site security audit or a Self-Assessment Questionnaire (SAQ) and, where applicable, running (and passing) quarterly network scans.

Third parties are also required to be PCI DSS compliant. If your payment processing environment or payment processes change, you should also immediately review your compliance requirements. This includes any third parties that are part of the payment processing environment.