PCI DSS Sample Security Policy

Nov 02
2010

The Importance of PCI Policy and Procedures for Payment Card Industry Compliance

PCI policy and procedure documentation is a critical component of compliance with the Payment Card Industry Data Security Standard (PCI DSS).  Many merchants, service providers and other organizations requiring PCI compliance quickly realize that developing this documentation is a very large part of the overall assessment process.  Unfortunately, most organizations lack the time or the internal resources to develop PCI policy and procedure material.  What's more, many organizations fail to recognize that policies are needed for all eleven other PCI requirement areas and not just Requirement 12, which mandates that the organization "Maintain an Information Security Policy".

If you read through the requirements of the current PCI DSS version (1.2.1), there are many areas calling for documented PCI policies covering a wide variety of IT resources relating to the cardholder data environment.  Among the more notable requirements are the following:

  • Data Retention and Disposal Policy
  • Anti-Virus Policies and Procedures
  • Password Management rules
  • Firewall Policies and Procedures
  • Change Management Guidelines

This is just a small sample of the PCI policies that will be required to demonstrate compliance with the Payment Card Industry Data Security Standard (PCI DSS).

Requirement 12, "Maintain an Information Security Policy", is a comprehensive mandate calling for numerous policy and procedure documents to be in place, such as the following:

  • Formal Risk Assessment and Risk Management Program
  • Security Awareness Program
  • Usage Policies for all end-user technologies and company resources
  • Incident Response Plan
  • A detailed list of Information Technology roles, responsibilities, and requirements for various personnel.

The effort required to draft, revise, and publish these documents is taxing indeed, which is why many merchants, service organizations and other related parties seek out PCI policy and procedure templates from a trusted, known source.

Consultants in the payments industry currently charge organizations high fees for developing PCI policy documentation for compliance purposes, which is becoming a serious burden for many businesses.  One solution is to find a reputable vendor selling PCI policy templates you can use.  Keep in mind that a template is only a starting point: it must be tailored to your actual cardholder data environment, and an assessor will verify that the documented procedures are actually followed, not merely that the documents exist.

About the Author

Industry leader in developing PCI policies, supporting policies and templates for Payment Card Industry Data Security Standard (PCI DSS) compliance.
