Drupal PCI Compliance White Paper: Update 5/5/2013

For context, click here to jump down to the reference links.

Where We Are

I'm pleased to announce the following:

Why PCI Compliance for Drupal Is More Important Than Ever

And perhaps the most important item—if you currently own, operate, or host an ecommerce website that is NOT compliant, you could be putting your business at risk.

Next Steps

This is a complex topic that requires a lot of time to check assumptions, distill a large volume of material down to the most important elements, and write it in a way that is understandable across several audiences within the community. Having nearly achieved a fully complete first draft, we are at the stage where we will need to iterate and refine it to ensure its one cohesive document and it has all the necessary components (most notably references, citations, and footnotes). We will then reach out to additional reviewers to get feedback from a wider audience. If all goes as planned, this feedback will only require us to make minor adjustments and we will have a clear path forward to a final release.


There are still several gold and silver sponsorships available if you are willing and able to fund the remaining portions of this project. While a lot of progress has been made, I recall several personal (and painful) experiences submitting manuscripts to scientific journals only to find out that the quantity of revisions requested required rewriting a paper from scratch. Yes this can be disheartening, but it almost always resulted in a much better end product. Therefore, if you would like to become a sponsor, please reach out to me using the contact information at the official website for the white paper.

Thank you for your time and I look forward to contributing this work back to the community!


The following articles, posts, and websites describe the motivating factors for starting this project:

Tags: Drupal Planet, PCI compliance
comments powered by Disqus