
Is my Jottful website PCI compliant?


Jottful's website software does not handle any financial transactions and, as such, is not a party to your organization's PCI compliance requirements.

What is PCI compliance?

PCI compliance is a security standard designed to protect cardholder data for financial transactions. Any organization, regardless of size, that handles credit/debit cardholder information (whether by storing, processing, or transmitting it) is required to be PCI compliant.

There are both technical and non-technical aspects of PCI compliance.

Technical PCI compliance

Your Jottful website includes a TLS (formerly SSL) security certificate and it does NOT handle any cardholder information. If you collect payments via your website, then you are using third-party payment software, such as Stripe, PayPal, Zeffy, Square, etc. You will need to confirm the payment software you use is PCI compliant.

Jottful's application software and all Jottful websites are hosted on Amazon Web Services (AWS). AWS auto-updates software and is certified as a PCI DSS Level 1 Service Provider, the highest level of assessment available.

Non-technical PCI compliance

You will also need to ensure your operations promote financial data security. This may include: 

  • Limiting who has access to cardholder data
  • Authenticating users who access the data
  • Training your team members on data security
  • Putting in place an information security policy

Jottful is not able to provide advice on how to implement non-technical PCI compliance measures. You may find self-assessment checklists online that you can use to confirm your organization is PCI compliant.





