Introducing Automated PCI DSS Compliance

Announcing Drata’s new framework—PCI DSS. If you accept, process, store, or transmit credit card information, PCI compliance is required.

by Adam Markowitz

January 18, 2022
Out of the 1.4 million reports of identity theft in 2020, credit card fraud accounted for 28% of them. And we know that as a business, part of building trust with your customers is proving that you deserve it. Keeping credit card information safe is a vital step.

With that in mind, we’re excited to announce Drata’s fourth framework—Payment Card Industry Data Security Standard (PCI DSS). In less than a year out of stealth, we’re continuing our mission to ensure the future of trust in the cloud by expanding our framework coverage that allows our customers to build trust with their customers and partners. 

If you’re ready to start your journey to PCI compliance, read on.

What is PCI DSS Compliance?     

PCI DSS is a strict set of standards required by major credit card companies to ensure all companies that accept, process, store, or transmit credit card information maintain a secure environment. The PCI Security Standards Council is responsible for developing and managing PCI DSS standards. 

PCI DSS offers merchants and service providers processing fewer than 4 million transactions annually the option to use self-assessment questionnaires (PCI SAQ) as a validation tool.

Key Features


We’re proud to bring you a solution that will consolidate the number of tools you use to become and remain PCI compliant. Here are just a few key features: 

SAQ Readiness 

The broad set of controls we have put in place fulfills the requirements for SAQ-D for merchants and service providers. PCI defines these as:

  • Service provider: a company that provides a service that could have an impact on the security of cardholder data. 

  • Merchant: any entity that accepts payment cards bearing the logos of any of the five members of PCI SSC—American Express, Discover, JCB, MasterCard, or Visa. 

With a dedicated support team of compliance experts and former auditors, you’ll have access to a breadth of knowledge to keep you on track with your goals and answer any questions you may have on PCI SAQs.

PCI Controls Management

Drata’s system is a layer of communication between siloed tech stacks and an overwhelming number of PCI compliance controls. Save time by having all the controls and requirements you need to be PCI compliant in one place. 

Customization and Integrations

With 50+ integrations that instantly connect to your tech stack, monitoring your controls, endpoints, and vendors becomes seamless. As with all of our frameworks, you’ll also have the ability to assign control owners, create custom controls, send control notification reminders, and more.  

Single Dashboard for all Frameworks

Streamline your compliance processes with a single dashboard. Whether you’re looking to reach compliance in one or multiple frameworks, your dashboard gives you full visibility into your company’s security posture at all times. 

Knowing where you stand at any given time can help you make needed changes, stay audit-ready, and provide outside parties with real-time evidence.

Prepare for Your Report of Compliance

Every customer at Drata receives a dedicated success manager. Your manager will proactively engage with you to ensure you’re audit-ready. If you’re a current Drata customer, reach out to your success manager to set up PCI on your dashboard.

If you’re ready to see how Drata can automate your road to PCI compliance, book a demo here.

Adam Markowitz
Adam Markowitz is the co-founder and CEO of Drata, a continuous security and compliance automation platform. Prior to Drata, Adam was the founder and CEO of Portfolium, an academic portfolio network for students and alumni to visually showcase their work and projects directly to employers, faculty, and fellow students/alumni. Portfolium was acquired by Instructure (NYSE:INST) in 2019. He also worked as an aerospace engineer designing, analyzing and testing liquid rocket engines for NASA’s next generation space launch vehicle as well as the Space Shuttle Main Engine. Adam earned a B.S. in Structural Engineering from UC San Diego and an M.S. in Astronautical Engineering from the University of Southern California.