
PCI Assessment Checklist

A PCI assessment checklist is a standardized list of questions used to evaluate a company’s compliance with the Payment Card Industry Data Security Standards (PCI DSS). The checklist covers various areas such as network security, access control, and data protection to ensure that a company’s handling of payment card information meets the required standards.

PCI Compliance Self-assessment Questionnaire
Storage of sensitive authentication data (SAD)
Is your system storing this data? If so, are you aware of it?
Did you check for inadequate access controls due to improperly installed point-of-sale (POS) systems, allowing malicious users in via paths intended for POS vendors?
Were default system settings and passwords changed when the system was installed?
Were unnecessary and insecure services removed or secured when the system was installed?
Have you checked for poorly coded web applications that could result in SQL injection and other vulnerabilities, which allow direct access from the website to the database storing cardholder data?
Have you checked for missing and outdated security patches?
Have you checked for adequate logging?
Have you checked for adequate monitoring (via log reviews, intrusion detection/prevention, quarterly vulnerability scans, and file integrity monitoring systems)?
POS Vendor System's Security (Ask POS Vendor)
Have default settings and passwords been changed on the systems and databases that are part of the POS system?
Do you access my POS system remotely?
Have all unnecessary and insecure services been removed from the systems and databases that are part of the POS system?
Is my POS software validated to the Payment Application Data Security Standard (PA-DSS)?
Does my POS software store sensitive authentication data, such as track data or PIN blocks?
Does my POS software store primary account numbers (PANs)?
Will you document the list of files written by the application with a summary of each file's contents to verify that the above-mentioned, prohibited data is not stored?
Does my POS software enforce complex and unique passwords for all user access?
Can you confirm that you do not use common or default passwords for access to my system and other merchant systems you support?
Have all the systems and databases that are part of the POS system been patched with all applicable security updates?
Is the logging capability turned on for the systems and databases that are part of the POS system?
If prior versions of my POS software stored sensitive authentication data, has this feature been removed during current updates to the POS software? Was a secure wipe utility used to remove this data?
Cardholder Data
Payment brand rules allow for the storage of primary account number (PAN), expiration date, cardholder name, and service code.
Is the storage of this data absolutely necessary for the business and its purpose? State why the data should be stored or eliminated.
Is the risk of having the data compromised worth the effort to store it?
Are the additional PCI DSS controls that need to be applied to protect the data worth the continued storage of this data?
Are the ongoing maintenance efforts to remain PCI DSS compliant over time worth the continued storage of this data?
Is the cardholder data that NEEDS to be stored properly consolidated and isolated through network segmentation?
Confirmation
Full name and signature of Compliance Officer in-charge

Ensuring Payment Card Security with a PCI Assessment Checklist


A PCI assessment checklist is a vital tool that helps companies ensure that their handling of the payment card information is compliant with the Payment Card Industry Data Security Standards (PCI DSS). The checklist covers various areas such as network security, access control, and data protection to evaluate a company’s compliance with the PCI DSS.


By using a PCI assessment checklist, companies can identify potential areas of non-compliance and take appropriate measures to address them. The checklist also helps ensure that companies are protecting customer data and mitigating the risk of data breaches, which can be costly both financially and reputationally.


The PCI assessment checklist can be customized to suit the needs of individual companies and industries, ensuring that the evaluation is tailored to the specific requirements of the organization. The checklist can also help companies stay up-to-date with changes to the PCI DSS and maintain ongoing compliance with the standards.


Please note that this checklist template is a hypothetical example and provides only standard information. The template does not aim to replace, among other things, workplace, health and safety advice, medical advice, diagnosis or treatment, or any other applicable law. You should seek professional advice to determine whether the use of such a checklist is appropriate in your workplace or jurisdiction.