PCI Compliant Security Policy

The most important item in documenting PCI-DSS compliance is the comprehensive PCI Security Policy. Documentation is one of the main steps in becoming PCI compliant and the Security Policy is not something to be taken lightly. It will help to have a professional technical writer who has worked on PCI-DSS compliance projects to put the Security Policy together. The PCI Guy is a PCI-DSS consulting and documentation firm that specializes in these types of documents.

  1. Interviewing Subject Matter Experts

    • Your writer will need to talk to those responsible for the various areas of PCI-DSS compliance. Different companies group these resources differently, but in general, subject matter experts (SMEs) will come from the IT, development, business and human resources departments.

  2. Documenting Information from Subject Matter Experts

    • After interviewing the various SMEs, your writer will begin documenting the information he has been given. Including PCI-DSS citations along the way in the document will help ensure that all of the requirements are covered (which is itself a PCI-DSS requirement).

  3. Vetting Information from Subject Matter Experts

    • After writing the policy and making sure that all PCI-DSS requirements are covered, your writer will go back to the SMEs and confirm that all of the information is accurate and reliable. Make sure that the SMEs are responsible for the information contained within the Security Policy. The writer is there to make suggestions as to how the information will be presented, but he should not be held responsible for erroneous technical information, such as firewall configurations and access control methods.

  4. Vetting the Security Policy with the Qualified Service Assessor (QSA)

    • This is perhaps the most important step. Before your QSA comes onsite to conduct the PCI-DSS assessment, submit your Security Policy to him and make sure that it is approved. The last thing you want is for the QSA to certify your systems, processes and procedures as compliant but note a problem with your documentation (specifically, your Security Policy) that delays your becoming PCI-DSS compliant.

  5. Distributing the Security Policy

    • After the Security Policy is written and approved, distribute it to those resources that have been deemed "in-scope" for PCI-DSS. This not only ensures that everyone knows what is expected and required, but it is also a requirement of PCI-DSS itself.
