PCI POLICIES & PROCEDURES

A large part of PCI DSS is based around having strong policies and procedures. In many instances, organizations may have working practices that fit with PCI DSS, however these processes are frequently organic and not shared amongst the organization at large.

To become PCI DSS compliant and reduce the risk of card fraud, organizations need to document the working processes, document the security technology and document the card data flows that exist within the environment. Once many of these elements are documented they need to be communicated to the organization at large. Through strong documentation and improved staff awareness, organizations will be able to reduce their risk and maintain a posture that is more consistent with the PCI DSS.

Request a free quote

PCI (QSA, PAQSA, ASV) - ISO

Where organizations have existing security policies as part of ISO 27001/27002 or as part of an employee manual, Nettitude can provide guidance on how these documents can be enhanced and strengthened. Alternatively, in environments where there is no formal documentation, Nettitude can generate a comprehensive set of policy documents, branded and tailored to an organization’s individual environment and working processes.

Nettitude will ensure that all Information Security documents fully address the requirements of the PCI DSS as well as being adapted to work within your corporate setting and culture. A full mapping between the policy documents and the PCI DSS is also provided to assist in any audit processes that take place.

To find out more about how Nettitude can help you with your Compliance requirements, please complete our contact form, and a Consultant will respond to your enquiry.