PCI POLICIES & PROCEDURES

A large part of PCI DSS is based around having strong policies and procedures. In many instances, organisations may have working practices that fit with PCI DSS, however these processes are frequently organic and not shared amongst the organisation at large.

To become PCI DSS compliant and reduce the risk of card fraud, organisations need to document the working processes, document the security technology and document the card data flows that exist within the environment. Once many of these elements are documented they need to be communicated to the organisation at large. Through strong documentation and improved staff awareness, organisations will be able to reduce their risk and maintain a posture that is more consistent with the PCI DSS.

Request a free quote

PCI (QSA, PAQSA, ASV) - ISO

Where organisations have existing security policies as part of ISO 27001/27002 or as part of an employee manual, Nettitude can provide guidance on how these documents can be enhanced and strengthened. Alternatively, in environments where there is no formal documentation, Nettitude can generate a comprehensive set of policy documents, branded and tailored to an organisation’s individual environment and working processes.

Nettitude will ensure that all Information Security documents fully address the requirements of the PCI DSS as well as being adapted to work within your corporate setting and culture. A full mapping between the policy documents and the PCI DSS is also provided to assist in any audit processes that take place.

To find out more about how Nettitude can help you with your Compliance requirements, please complete our contact form, and a Consultant will respond to your enquiry.