Archive - Central European Conference on Information and Intelligent Systems, CECIIS - 2012

Model of Simplified Implementation of PCI DSS by Using ISO 27001 Standard
Zrinka Lovrić

Last modified: 2012-07-11

Abstract


Information security has become a very important part of the everyday business of most companies. A company’s need to protect its valuable assets, material or non-material, results in establishing information security management systems and in obtaining various security certificates. To become compliant with an internationally recognized certificate, a lot of work needs to be done and a lot of resources must be spent. A major, and probably the most common, security certificate is ISO 27001. All merchants and service providers of e-commerce and card payment services have to be compliant with PCI DSS. This paper presents a model of how to reduce the required resources and simplify achieving PCI DSS compliance by using ISO 27001.