Governance, risk and compliance (GRC) vendor Acuity has released a free management application for businesses to measure, monitor and report on their compliance with version two of the payment card industry data security standard (PCI-DSS).

Available for download from the Acuity website, the compliance software monitors progress against the PCI-DSS's 'milestones approach' and will identify, assess, manage and report on risks to cardholder data. It will also track residual risk status in relation to performance of PCI controls and key metrics, and provide visibility of information for auditors.

According to the company, the tool reduces the time it takes to gather, collate and report on compliance, improves governance and reduces the cost of external audits and due diligence.

The company also claimed that, when used with a free version of Acuity's STREAM Integrated Risk Manager software, the tool can fully automate PCI compliance management functions, recording and maintaining the current status against PCI-DSS and using management reporting to view current and historical statuses with trend analysis.

Simon Marvell, partner at Acuity Risk Management, said: “As PCI requirements impact any business handling payment card information, there is a critical need for a practical, risk-based approach to PCI compliance based on easy-to-use, accessible tools that identify, log and report incidents or near misses and use this information to continually improve PCI compliance management processes.”
