A major aspect of PCI DSS compliance involves having up-to-date policies and procedures (see: requirement 12). All organizations have different processes to handle, store, or transmit card data, and building policies and procedures from the ground up can be a time-consuming process.
SecurityMetrics’ PCI policy and procedure templates provide a comprehensive solution for PCI requirements that are specific to your organization’s Self-Assessment Questionnaire (SAQ) and card data environment. By using these customizable templates, you can meet requirements while saving time and resources.
- Customizable templates provide you with an outline that you can use as a launching point, saving you time and resources.
- The templates are built with PCI DSS requirements in mind, providing you with a comprehensive solution to meet the compliance standard.
- The templates are built to work with existing policies so you can keep what you have and implement what’s missing, saving you from headaches that accompany process change.
- To keep communication lines open and eliminate confusion, SecurityMetrics assigns you a single point of contact.
- Implementing policies allows you to complete up to 58% of your SAQ.
SecurityMetrics will deliver the Policies & Procedures that are applicable to your business environment. These may include all or some of the following documents:
- Security Policy Template
- Policy Checklist
- Instructions for Using the Policy Documents
- 2-Tier Network Template
- Authorized User List
- Card Data Environment Details
- Critical Technology Device Inventory
- Data Encryption and Key Management Procedures
- Employee Authorization Form
- Employee Computer Usage Policy
- Firewall and Router Configuration Standards
- Flow Diagram Template
- Full Data Retention and Storage Procedures
- Incident Response Plan Template
- NTP Configuration Procedures Template
- Operating Procedures
- Payment Terminal Device Review Log
- PCI Service Provider Responsibility Matrix
- PCIDSS 3-OWASP Matrix 2016
- Physical Security Procedures Template
- Risk Assessment Process Template
- Service Provider Compliance Validation Procedures
- Significant Change Control Procedure Template
- Software Development Life Cycle Template
- System Hardening and Configuration Standards
- Vulnerability Discovery and Risk Ranking Process
- Wireless Device Detection and Identification Process