CAPSAB PCI DSS v3 Excel template
Our PCI DSS Excel template helps you assess your current PCI DSS v3 status and create an action plan for what needs to be done to move forward and become PCI DSS v3 compliant. The template is built upon the official PCI DSS v3 requirements documentation and includes functions to easily document your current status. The spreadsheet is easy to work with, and fields that shall not be edited are protected and cannot be altered. The use of drop-down lists to record current status enables delegation of this task, as all the statuses are well defined and will be consistent throughout an organization.
For each requirement, the template includes fields for information about your current status and where to find documented information; see the sample below.
The PCI DSS template can be filled in with information as depicted:
Filling in the "Implementation grade" makes the PCI DSS status change and shows your current status in bright colors. Adding information about who is responsible, where to find documents, and comments gives you quick access to all information during an on-site QSA audit. The only mandatory field is the implementation grade; all others are optional. However, our recommendation is that you compile all this information and make this spreadsheet your master document to be used during an on-site assessment.
The implementation grade is used to compile the list of controls that are not in place, as depicted below. This function depends on macros, which you need to enable before creating the list.
The list above is compiled using the provided macro and gives your organization a complete list of the PCI DSS controls that are not met; a project plan can be created using this information.
The implementation grade is also used to compile management reports that show your current PCI DSS compliance per area, updated in real time as you enter your data in the template; a sample is displayed below.
The sample graph above shows security maturity in the organization, where values below 3 indicate non-compliance with PCI DSS. The maturity graphs are divided per chapter.
The template also includes a function to compile a list of all PCI DSS requirements that are met by a compensating control. This list shall be used to ensure that all compensating control worksheets (CCW) are in place and updated. A sample of such a report:
Also included in the PCI DSS template:
– Sample cardholder data flow
– CCW template in Excel format
– Introduction and explanation of how to use the template
– Macros to create the lists of controls not in place and of CCWs.
If you have any questions on how to use the template, or would like to suggest changes to it, please do not hesitate to contact me; all contact information is included in the spreadsheet. Also, if your organization needs assistance in any of the phases before, during or after an assessment, CAPSAB is able to provide such help. Feel free to contact us with your requests, as we have PCI DSS experts to help your organization meet PCI compliance.