Expert Advice Community

ISO 27001 and PCI DSS

Guest user Created:   Sep 04, 2017 Last commented:   Sep 04, 2017

If we are an ISO 27000 certified company, and we are now, as a travel agency, also required by IATA to be PCI DSS compliant, does the ISO 27000 certification EQUAL or contribute to the PCI compliance? Simply put - if we are 27000 compliant - do we still need to be PCI compliant AS WELL or are we automatically PCI compliant when we are ISO 27000 compliant?
Expert
Rhand Leal Sep 04, 2017

Answer: ISO 27000 certification is not equal to PCI, so being ISO 27001 compliant does not make your organization automatically compliant with PCI DSS, although ISO 27001 practices can contribute to achieving PCI compliance. That said, your organization will have to go through all the steps required for PCI certification, but your ISO 27001 certified ISMS will for sure reduce the required effort.

These articles will provide you with further explanation about ISO 27001 and PCI DSS:
- PCI-DSS vs. ISO 27001 Part 1 – Similarities and Differences https://advisera.com/27001academy/knowledgebase/pci-dss/
- PCI-DSS vs. ISO 27001 Part 2 – Implementation and Certification https://advisera.com/27001academy/knowledgebase/pci-dss/
