Security

Submission + - Jumpstarters For the Road To Compliance?

frustratedbyitall writes: The recent discussion about implementing Unalterable Audit Logs for PCI DSS compliance has sparked my interest in getting community advice on the larger topic of PCI DSS (and HIPAA, SOX, etc.) compliance. What tools have you found useful? Are there any good free (or cheap) template policy documents? What have been the biggest challenges to your organization (outside of organizational issues) in achieving the holy grail of compliance and how did you conquer them? I've done a lot of research and it's really easy to find lots of firms wanting to help you out with consulting hours and/or products. Given that these are issues currently being faced by thousands of organizations, of course it was inevitable that a whole ecosystem would evolve around compliance of these relatively new policy standards. However, most of what I find seems to be junk, and it is therefore hard to distinguish the junk from the useful. For example, with respect to template policy documents I located several companies charging hundreds or thousands for templates that are of questionable quality. I have also found free templates at a few web sites, but they are more skeleton than template (contain outlines but no actual text). I'm also interested in finding good "how-to" guides for implementing a number of the system and network requirements — in order to curtail some amount of internal debate on such topics. For a company that has personnel on hand that are capable of achieving compliance, but would prefer to find some "jump starters", what can you suggest?
