
+44 (0)845 52 000 85


Organisations that develop web applications may be required to work towards PCI DSS compliance. Rather than assessing as a merchant, however, web development companies may need to certify as a PCI DSS Service Provider.

Although Self-Assessment Questionnaire D is the most relevant for web development companies, it is highly likely that many of the requirements within the SAQ form will be answered N/A. For example, if a web development company designs applications that do NOT store card data, and its environment never stores card data, then many of the questions within requirement 3 may not be applicable. Equally, however, the questions defined within requirement 6 may be very relevant, and robust policies, procedures and working practices would be needed to achieve overall compliance.

In some instances, organisations that produce payment applications may be required to achieve PA-DSS certification. This overlays additional security requirements on the application and requires a different set of auditing measures.

Nettitude advises that there are many steps web development companies can take to reduce their risks and consequently reduce their PCI DSS scope. To find out more about how Nettitude can help with this, please complete our Contact Form and a consultant will respond to your enquiry.


We will provide you with testimonials, sample reports, methodology and a proposal, once we have understood your requirements.
