The PCI Security Standards Council posted a document on Data Storage Do’s and Don’ts this week. This document does an excellent job breaking down the storage piece of PCI for merchants big and small, but especially for the smaller folks out there.

Now, for all of you out there, don’t forget that PCI is NOT just a data storage initiative. Not storing cardholder data does not exempt you from having to be compliant. That said, locating your data is step one in understanding how you measure up to the PCI Standard. Consequently, it is also step one in VeriSign’s PCI Program Management methodology.

How healthy is your compliance program? If it needs work, drop us a line and we’ll see how we can help!

This post originally appeared on
