Policies and Procedures: PCI

Product Overview

A major aspect of PCI DSS compliance involves having up-to-date policies and procedures (see: requirement 12). All organizations have different processes to handle, store, or transmit card data, and building policies and procedures from the ground up can be a time-consuming process.

SecurityMetrics’ PCI policy and procedure templates provide a comprehensive solution for PCI requirements that are specific to your organization’s Self-Assessment Questionnaire (SAQ) and card data environment. By using these customizable templates, you can meet requirements while saving time and resources.

Product Benefits

• Customizable templates provide you with an outline that you can use as a launching point, saving you time and resources.
• The templates are built with PCI DSS requirements in mind, providing you with a comprehensive solution to meet the compliance standard.
• The templates are built to work with existing policies so you can keep what you have and implement what’s missing, saving you from headaches that accompany process change.
• To keep communication lines open and eliminate confusion, SecurityMetrics assigns you a single point of contact.
• Implementing policies allows you to complete up to 58% of your SAQ

What's Included

SecurityMetrics will deliver the Policies & Procedures that are applicable to your business environment, these may include all or some of the following documents:

Policies:

• Security Policy Template
• Policy Checklist
• Instructions for Using the Policy Documents

Procedures:

• 2-Tier Network Template
• Authorized User List
• Card Data Environment Details
• Critical Technology Device Inventory
• Data Encryption and Key Management Procedures
• Employee Authorization Form
• Employee Computer Usage Policy
• Firewall and Router Configuration Standards 
• Flow Diagram Template
• Full Data Retention and Storage Procedures 
• Incident Response Plan Template
• NTP Configuration Procedures Template
• Operating Procedures 
• Payment Terminal Device Review Log
• PCI Service Provider Responsibility Matrix
• PCIDSS 3-OWASP Matrix 2016
• Physical Security Procedures Template 
• Risk Assessment Process Template 
• Service Provider Compliance Validation Procedures 
• Significant Change Control Procedure Template
• Software Development Life Cycle Template 
• System Hardening and Configuration Standards 
• Vulnerability Discovery and Risk Ranking Process
• Wireless Device Detection and Identification Process