What Can You Do Today?

Protecting cardholder data and your business from data security-related risks can be confusing and can sometimes seem like a daunting task. However, following a checklist of basic recommended operating procedures can help you start reducing these risks today. Building and maintaining a secure environment is tied to two main areas: technology and processes. These two go hand-in-hand when protecting cardholder data. Technology involves the use of software, hardware and third-party services that help protect cardholder data from various threats. Process is a specific set of operating procedures used to implement and maintain protection.

Technology:
There are many ways to deploy and configure the applications and infrastructure you have at your restaurant, and the choices made can affect the security at your site. Make sure to work with your application and service providers to ensure your site is implemented in the most secure manner possible.

Processes:
Security does not represent a point in time. It is ongoing, and you need to ensure that you have processes established to monitor the security of the data at your restaurant. You may want to engage a Qualified Security Assessor (QSA) and/or an Authorized Scanning Vendor (ASV) to help you fill out your PCI compliance documentation and provide periodic scanning services to test the security of your infrastructure.

The following links dig deeper into each of the categories represented. The recommended operating procedures and tasks included in each category can help you enhance the security at your site, but will not guarantee that you are secure.