This program is intended for the following industries and their vendors and service providers:

  • Retail
  • General Business*

* General businesses (any industry not mentioned under Regulated Industries) should only use this program if they do not do business with any business in a regulated industry. If you have any question, please take the free Risk Assessment, which will tell you which program you need.

Every company, even if it does not fall under PCI, has obligations to protect the information it collects, whether it is the information of customers or employees. Every contract and insurance policy includes requirements to protect information and PCI provides the most basic framework to do so.