Monday November 20, 2017
PCI Discussion Forum
PCI vs. ISO PDF Print E-mail


Anyone researching the Payment Card Industry, or PCI, for the first time may notice many similarities with ISO regulations, short for International Organization for Standards, and specifically ISO 27001. Both are sets of regulations for companies to follow concerning information security management.  Though they both have the same goal, they also differ in many aspects.

Similarities- The goal of PCI and ISO is to control and protect customer data, by establishing international industry standards. Both require audits and scans of systems to show compliance with these standards. Both also operate on industry best practices set forth by regulating committees. PCI DSS can be used as a part of becoming ISO 27001 compliant, and that is where the similarities stop.

Differences- While PCI and ISO are similar in ideology, their methods differ. The table below notes some of these differences.


Topic

PCI

ISO

Geographical Acceptance

North American & Europe

Internationally Recognized

Compliance Mandates

Compliance Mandatory

Compliance Voluntary

Company Scope

Functioning Levels

Overall Company

Degree of Compliance

Must Meet All Standards

Standards Voluntary

Separation of Systems

High

Low

Degree of Flexibility

Low

High

 

ISO is an overall measure for companies to use for compliance of information security management. PCI is a more standardized and regulated sub-section of information security management that pertains specifically to cardholder data. PCI compliance could be a part of overall ISO compliance if a company were concerned with meeting both regulations. This is an important topic for a systems administrator to understand, but ISO is voluntary whereas PCI is mandated. Though having many differences both aim to protect sensitive company and cardholder information, which should be a concern of any company and its stakeholders.

 
Tools and Calculators

Gap Assessment Tool
Take this assessment to gain greater insight into the challenges you are facing



Business Resources