Available for download from the Acuity website acuityrm.com, the compliance software monitors progress against the six milestones in the PCI-DSS Prioritized Approach and will identify, assess, manage and report on risks to cardholder data. It will also track residual risk status in relation to performance of PCI controls and key metrics and provide visibility of information for auditors.

The Acuity PCI DSS tool reduces the time it takes to gather, collate and report on compliance; while also improving governance and reducing the cost of external audits and due diligence by always having up-to-date status information. And by mitigating the risk of incidents resulting from non-compliance, companies will also save costs associated with crisis responses, direct losses and reputational damage.

"As PCI requirements impact any business handling payment card information, there is critical need for a practical risk-based approach to PCI compliance based on easy-to-use, accessible tools that identify, log and report incidents or near misses and use this information to continually improve PCI compliance management processes," said Simon Marvell, partner at Acuity Risk Management.

The free, single-user license of the PCI compliance tool is configured with detailed PCI DSS requirements and security assessment procedures. Used with a free version of Acuity's STREAM Integrated Risk Manager software, it can be used to fully automate PCI compliance management functions, recording and maintaining the current status against PCI DSS and using sophisticated management reporting to view current and historical status with trend analysis. STREAM can be implemented as an Enterprise GRC solution for specific management systems, such as information risk, IT governance and business continuity.