Once I become PCIS DSS compliant, can I forget about it?

Unfortunately not. Maintaining the security of cardholder data is a continuous process, which should be part of your day-to-day business operation. PCI DSS is a bit like an MOT – the compliance certificate has to be renewed every year in order to remain safe. This involves completing either an annual on-site security audit or Self-Assessment Questionnaire (SAQ) and, where applicable, running (and passing) quarterly network scans.

Third parties are also required to be PCI DSS compliant. If your payment processing environment or payment processes change, you should also immediately review your compliance requirements. This includes any third parties that are part of the payment processing environment.