I have a few clients that I do PCI audits for, they hold credit card data for online processing so were required for it. There are some tools out there free/pay that you can look at www.cisecurity.org <http://www.cisecurity.org/> is a decent place to start.
GFI makes a pci compliance package that does metering, event log capture and a couple other things that encompass the overall process. What does the girls scouts have that requires compliance just out of curiosity? ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
