
15/8/2020 ISO 27001 VS. PCI DSS. What is ISO 27001? | by Lakshika Sammani chandradeva | Medium

ISO 27001 VS. PCI DSS


Lakshika Sammani chandradeva
Feb 2 · 3 min read

What is ISO 27001?

ISO/IEC 27001 is the internationally recognized framework for an Information Security Management System (ISMS). An ISMS is a systematic approach to managing an organization's sensitive information in order to reduce the risk to that information. An ISMS covers people, processes and IT systems by applying a risk management process. The standard specifies requirements for establishing, implementing, maintaining and continually improving an ISMS. It can be applied to any organization in any sector, regardless of the organization's size. The latest version of this standard is ISO/IEC 27001:2013.

Structure of ISO/IEC 27001:2013 standard


ISO/IEC 27001:2013 has the following sections:

Controls of ISO/IEC 27001:2013

The controls are listed below:


What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard that was introduced to reduce card-related fraud by protecting cardholder data. This Data Security Standard (DSS) is developed and maintained by the Payment Card Industry Security Standards Council (PCI SSC). The PCI SSC was created jointly by four major credit-card companies: Visa, MasterCard, Discover, and American Express. PCI DSS defines six main goals that must be achieved in order to obtain PCI DSS compliance certification. Within those six goals there are 12 requirements that must be fulfilled to gain the certification. The latest version of this standard is PCI DSS v3.2.1.

PCI DSS defines four merchant levels, and each organization falls into one of these categories:

1. Level 1: Organizations that process more than 6 million transactions annually.

2. Level 2: Organizations that process between 1 and 6 million transactions annually.

3. Level 3: Organizations that process between 20,000 and 1 million digital transactions annually.

4. Level 4: Organizations that process fewer than 20,000 digital transactions, or up to 1 million transactions in total.

Goals and Requirements of PCI DSS

Listed below are the six goals and 12 requirements that must be fulfilled in order to obtain PCI DSS certification:

High-level mapping of PCI DSS vs. ISO 27001

Isaca.org. (2020). Comparison of PCI DSS and ISO/IEC 27001 Standards. [online] Available at: https://www.isaca.org/resources/isaca-journal/issues/2016/volume-1/comparison-of-pci-dss-and-isoiec-27001-standards [Accessed 2 Feb. 2020].

ISO 27001 can be the beginning point for PCI DSS implementation in an organization.

Infosecurityeurope.com. (2020). [online] Available at: https://www.infosecurityeurope.com/__novadocuments/21602 [Accessed 2 Feb. 2020].
