Key Benefits

PCI DSS: Categories & Requirements

Standard categories with name, code, and description; requirements with a full set of text fields (name, description, definition, purpose, guidance, examples, testing procedures, individualized approach objective, applicability notes, additional information). All texts have country-specific translations. Add, edit, and delete requirements; export and import. Standard documents (PDF): upload, view, delete.

ISO/IEC 27002: Topics & Controls

Topics (people, physical, technological, organizational) with description and translations. Controls with number, name, description, purpose, guidance, and attributes: control type, information security properties (CIA), cybersecurity concepts, security domains. Text field translations by country. Export, import, add, edit, and delete controls.

AI-Powered Translation & Search

Translate text fields of PCI DSS requirements and ISO 27002 controls into a selected language using AI to populate multilingual content. Search across requirement or control text using AI (supports Google, Claude, DeepSeek providers) to quickly find relevant standard items.

Group-Based Access

Access to the PCI DSS section and the ISO 27002 section is configured separately by user groups. For each group: view permission, edit permission, and the option to show the link to the respective section on the homepage.

Features & Capabilities

PCI DSS: Categories & Requirements

  • Standard categories: identifier, name, code, description with country-specific translations
  • Requirements: number, category, name, description, definition, purpose, guidance, examples
  • Testing procedures, individualized approach objective, applicability notes, additional information
  • Add, edit, and delete requirements; export and import requirements
  • AI-powered translation of requirement fields
  • AI-powered search across requirement text (Google, Claude, DeepSeek)

PCI DSS Documents

  • Upload documents (e.g., PDF) related to the PCI DSS standard
  • Document name and description
  • View and delete documents

ISO 27002: Topics & Controls

  • Topics: people, physical, technological, organizational — with description and translations
  • Controls: number, topic, name, description, purpose, guidance, additional information
  • Control type: preventive, detective, corrective
  • Information security properties (confidentiality, integrity, availability)
  • Cybersecurity concepts and security domains
  • Export, import, add, edit, delete controls
  • AI-powered field translation and search

Access

  • Separate group-based access to the PCI DSS section: view, edit, show link
  • Separate group-based access to the ISO 27002 section: view, edit, show link

Use Cases

PCI DSS Requirements Catalog

Store and view PCI DSS standard categories and requirements with full texts: name, description, definition, purpose, good practice guidance, examples, testing procedures, and other fields. Use country-specific translations for multilingual teams. Add and edit requirements, export and import data. Attach documents (PDF) to the standard for reference.

ISO/IEC 27002 Controls Catalog

Maintain a catalog of ISO/IEC 27002 controls by topic (people, physical, technological, organizational). For each control, store the number, name, description, purpose, guidance, and attributes: control type, information security properties (CIA), cybersecurity concepts, security domains. Populate country-specific translations; use AI-powered translation to accelerate the process. Export and import controls for backups or migration between environments.

AI-Powered Standard Search

Quickly find relevant PCI DSS requirements or ISO 27002 controls using natural language queries. The search is performed via AI (supports Google, Claude, DeepSeek providers). Results show the relevant standard items with context for audits and policy preparation.

Multilingual Content

All categories, requirements, and controls support country-specific translations. For quick content population, use AI-powered field translation: select a language and fields — the system will fill or update the translations. This is convenient for maintaining multiple languages without manual copying.

Access Segregation to Standards

Access to the PCI DSS section and the ISO 27002 section is configured separately by user groups. Some groups may only view the catalog, while others can edit requirements or controls. The option to show the link on the homepage allows hiding sections from groups that do not work with a particular standard.

Technical Details

Architecture

Standards module: two subsections — PCI DSS and ISO 27002. PCI DSS: standard categories and requirements with text fields and country-specific translations; a separate document store (files). ISO 27002: topics (fixed set) and controls with text fields and attributes (type, CIA properties, cybersecurity concepts, domains); country-specific translations. Export/import in a suitable format. Field translation and search via external AI APIs (Google, Claude, DeepSeek). Data in the project database; document files in the project's storage.

Security

Access to the PCI DSS section and the ISO 27002 section is managed separately by user groups. Permission checks for viewing and editing. CSRF protection and input validation. PCI DSS documents are stored with access restricted by module permissions.

Scalability

Requirement and control lists with pagination and filtering; queries with eager loading of related data. Export and import are handled within a typical request. AI-powered search depends on external APIs and their rate limits.

Customization

PCI DSS categories and requirements with a full set of fields and country-specific translations. ISO 27002 topics with description and translations; controls with attributes and translations. Separate group-based access permissions for PCI DSS and ISO 27002. Integration with AI providers for translation and search is configured within the project.

Frequently Asked Questions

What are PCI DSS categories and requirements?

A category is a section of the PCI DSS standard (name, code, description). A requirement belongs to a category and contains the full text: name, description, definition, purpose, good practice guidance, examples, testing procedures, individualized approach objective, applicability notes, and additional information. All these fields support country-specific translations.

What are ISO 27002 topics and controls?

A topic is one of four groups: people, physical, technological, organizational. A control belongs to a topic and has a number, name, description, purpose, guidance, and attributes: control type (preventive, detective, corrective), information security properties (confidentiality, integrity, availability), cybersecurity concepts, and security domains. Text fields have country-specific translations.

How does AI-powered translation work?

For PCI DSS requirements and ISO 27002 controls, a function is available to translate selected fields into a chosen language. The system uses external AI APIs (Google, Claude, DeepSeek) configured in the project. The translation is stored as a country-specific translation for the selected language. This helps quickly populate multilingual content without manual copying.

How does AI-powered search work?

The user enters a natural language query (e.g., "requirements for password storage"). The system sends the query to one of the supported AI providers (Google, Claude, DeepSeek) along with the context of the requirements or controls. The AI returns relevant standard items. The results are displayed in the interface for further review and use.

Can I export and import data?

Yes. PCI DSS requirements and ISO 27002 controls can be exported in a suitable format (e.g., Excel/CSV, depending on project implementation) and imported back. This is convenient for backups, migration between environments, or bulk content updates.

How is access restricted to PCI DSS and ISO 27002?

Access is configured separately for each standard by user groups. For each group, you can specify: view permission, edit permission, and the option to show the link to the respective section on the homepage. Users without access cannot see the content or edit requirements/controls.

What are PCI DSS documents for?

You can upload documents (e.g., PDF) to the PCI DSS section — official standard texts, methodological recommendations, etc. Each document has a name and description. Documents can be viewed and deleted. They are stored in the project's storage and are accessible to users with PCI DSS view permissions.
