The rules and requirements for PCI Compliance are found in the PCI Data Security Standard (PCI-DSS). The PCI-DSS is updated regularly to address new security concerns and to elaborate on existing requirements. Version 2.0 of the PCI-DSS has been made publicly available here.
For those of you who are familiar with PCI-DSS version 1.2.1, the link above includes a document entitled “Summary of Changes” which lists the differences between version 1.2.1 and version 2.0. This document is very helpful for understanding the new requirements, as well as for updating your existing policies and procedures to reflect PCI-DSS v2.0. You will notice that many of the changes from PCI-DSS version 1.2.1 clarify existing requirements, while others provide additional guidance or evolve the requirements further.
If your company does not undergo a yearly audit, you are still required to follow the PCI-DSS rules as they apply to your processes for handling cardholder data. The Summary of Changes document is a great way to quickly spot any changes which might affect your company. Also be sure your PCI Compliant hosting providers are planning on staying compliant with the new PCI-DSS version 2.0 requirements (which we are)!