PCI DSS Policy Templates
Companies that store, transmit or process credit card data are required by Requirement 12.1 of the PCI DSS to create and continuously maintain an information security policy for their employees. This makes Requirement 12.1 one of the few requirements of the PCI DSS that applies to all companies, regardless of transaction volume, line of business, or size of the company. In addition to the information security policy itself, the PCI DSS also requires the creation and maintenance of other policies based on the requirements applicable to the company.
Our PCI DSS Policy Templates
Drawing on our years of experience and in accordance with the PCI DSS requirements, our experts have developed template sets for PCI DSS versions 3.2.1 and 4.0. The Policy Templates form the basis of your information security policy and contain, in addition to the information security policy itself, all other guidelines necessary for your type of company and your SAQ (Self-Assessment Questionnaire). Alongside the Policy Templates, you will also receive instructions on how to use them, which indicate all the places where you still need to adapt the templates to your circumstances.
Benefit from the technical know-how of our PCI experts
Create the best possible basis for your PCI DSS compliance
Secure more time and resources for your core business
PCI DSS v4.0
PCI DSS v4.0 will completely replace the previous version PCI DSS v3.2.1 from 01.04.2024. During the transition period, both versions of the standard, PCI DSS v4.0 and PCI DSS v3.2.1, will remain valid in parallel. During this phase, affected companies can decide for themselves which standard they want to be certified against.
Do you have questions or need support with your transition to PCI DSS v4.0?
We have summarized the most important information for you.
Select the right set for you
Select the appropriate set depending on your SAQ classification and the role your company fulfills in the context of PCI DSS (merchant or service provider). Currently, you can also choose between policy templates in versions 4.0 and 3.2.1. PCI DSS v4.0 will completely replace the previous version PCI DSS v3.2.1 from 01.04.2024. During the transition period, both versions of the standard will remain valid, so companies can decide for themselves which version of the standard they validate their compliance against.
Please note: The version of your Policy Templates must match the version of the PCI DSS according to which your company proves compliance.
Do you need assistance? We are here for you.

We will be happy to support you in assigning the appropriate SAQ to your company and in subsequently adapting the PCI DSS Policy Templates to your circumstances.