THIS IS A SAMPLE! Feel free to use or modify it for your own use! Want a Policies and Procedures Wiki like this? Sign up for a Staff.Wiki trial by clicking here.
PCI data security
PCI (Payment Card Industry) is a security standard created to make sure that all organizations and companies that deal with any cardholder data have a secure environment. The PCI requirements for physical security are very simple, but meeting them still takes a lot of effort. PCI has 12 requirements for compliance:
- Install and maintain a firewall configuration that provides security for cardholder data assets. Protect and secure the stored data.
- Do not use vendor default passwords and other security parameters.
- Encrypt transmission of cardholder data across open networks.
- Use anti-virus software and update it frequently to remove any malicious software that can threaten the security of the cardholder data environment.
- Secure systems and applications should be developed and maintained.
- Access to cardholder data or physical cardholder data is restricted.
- Those with access should be assigned a unique user ID.
- Track and supervise network access.
- Regular testing of security systems and processes should take place.
- A policy must be maintained that addresses information security for all personnel.
- Use cameras to monitor vulnerable areas. Media must be classified to protect sensitive data.
- Sensitive Authentication Data must be secured.