Frequently Asked Questions

< Back to search page

Is the Prioritized Approach mandatory?

FAQ Response

The PCI SSC does not mandate the use of any one approach to PCI DSS compliance. The Prioritized Approach is designed as a reporting tool to help entities understand where they can act to reduce risk earlier in the compliance process, and to provide a means to track their progress towards compliance.

In some cases, acquirers (merchant banks) or the payment brands may require use of this reporting tool as part of the payment brands' compliance programs. Organizations should check with their acquirer or payment brand, to determine if the Prioritized Approach reporting tool should be included in their compliance reporting.

March 2009
Article Number 1171

How does the Prioritized Approach work?

Can I report on my Prioritized Approach progress instead of producing a Report on Compliance or Attestation of Compliance?

Should I complete the Prioritized Approach milestones in sequential order?

Does the Prioritized Approach replace the PCI DSS?

Frequently Asked Questions

Is the Prioritized Approach mandatory?

Related Articles