Hi big_al, do you know since when did they start this? Or has it always been a requirement (one would think so?) ?
Do you know any recommended Australian security testing company?
I think it's a good thing to do, although not all of their recommendations / requirements will be applicable to everyone. Preparing those policy documents would be quite time consuming, would probably take 2-4 weeks at least...
So how are you going with your effort towards compliance?
Another thing is.... maybe we can use eway's rebill facility (or something similar) and not store the CC at all.... would that mean we can get away with not having to comply with them?