Text size Increase Font-SizeDecrease Font-SizeReset Font-Size

Prioritized Approach

The Prioritized Approach provides guidance that will help merchants identify how to reduce risk to card holder data as early on as possible in their compliance journey. The tool groups together the requirements of PCI DSS 1.2 into six key milestones for merchants to consider in their card data security strategy.

The Prioritized Approach for PCI DSS 1.2 was created with input from the PCI SSC Board of Advisors, and informed by insight from real world results of data compromises shared by the assessment community. The Prioritized Approach offers guidance on how to focus PCI DSS implementation efforts in a way that expedites the security of cardholder data. It also

  • Helps businesses identify highest risk targets
  • Creates a common language around PCI DSS implementation efforts
  • Enables merchants to demonstrate progress on compliance process to key stakeholders - banks, acquirers, QSAs, others

Prioritized Approach Guide and Worksheet

To achieve PCI DSS compliance, an organization must meet all PCI DSS requirements, regardless of the order in which they are satisfied or whether the organization seeking compliance follows the PCI DSS Prioritized Approach. These documents do not modify or abridge the PCI DSS or any of its requirements, and may be changed without notice.

PCI SSC is not responsible for errors or damages of any kind resulting from the use of the information contained herein. PCI SSC makes no warranty, guarantee, or representation as to the accuracy or sufficiency of the information provided herein, and assumes no responsibility or liability regarding the use or misuse of such information.

© 2009 PCI Security Standards Council LLC. The intent of these documents is to provide supplemental information, which does not replace or supersede PCI SSC Security Standards or their supporting documents.


Back to Top

The PCI Security Standards Council (the "Council") provides a variety of tools, questionnaires, guidance, FAQs, training resources and other materials and information to assist organizations seeking to achieve compliance with its standards (the "Standards"). Third party products and services are also available, but the Council does not endorse or recommend any such third party products or services, and advises all organizations seeking to achieve compliance to become familiar with the Standards and related requirements before purchasing third party products or services. Ultimately, all applicable requirements must be met in order to achieve compliance, regardless of whether or what third party products or services are used.