PCI Compliance

Maintain an Information Security Policy

Creating and maintaining clear, workable policies makes it easier for a business to enact and follow a PCI compliance program. An information security policy lays out the organizational instructions for implementing a PCI compliance program and ties together all the elements of your compliance efforts. This focus area contains detailed requirements for the contents of security policies and standards.

Requirement #12: Maintain a policy that addresses information security for employees and contractors
The essence of this requirement is to create, maintain and distribute an information security policy that addresses all of the PCI DSS requirements, includes an annual risk assessment and requires that the policy itself be reviewed at least annually.

  • Address all PCI requirements in the business’s security policy. Define a process to identify vulnerabilities and assess risk, with the assessment repeated at least annually and whenever significant changes are made to the cardholder data environment.
  • Audit your daily operational procedures to ensure they meet PCI DSS requirements.
  • Create usage policies for all the technology used by employees and contractors. This can include handheld devices, laptops, Internet access, remote access, etc.
  • Identify and define each employee’s and contractor’s information security responsibilities.
  • Assign information security responsibilities to specific, named individuals.
  • Create a security awareness program to train employees on the importance of protecting cardholder data.
  • Screen all employee applicants before hiring to limit security risks from inside the business.
  • Create a detailed incident response plan to be followed in the event of a security breach, and test it at least annually so that it works when needed.