PCI Security Policies

Need some help?

Speak to the Risk Factory Foreman, and he'll tell you everything you need to know.

Call us on 0800 978 8139


What are they?

The PCI Security Policies provide a comprehensive set of documents that identifies what must be done in your organisation to protect the credit and debit cardholder data your business processes, stores or transmits. Good policies are simple, pragmatic, and should be clearly communicated to your employees from the top down. They can proactively define and promote a culture of awareness, action, and responsibility.

Done properly, no other mechanism has as much power to ensure that all employees are working towards the established business goals as a good set of policies and procedures. Comprehensive and detailed policies set the foundation for PCI compliance efforts.

Why should I do it? 

Security policies addressing the guidelines for protecting cardholder data are required for compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) V.3 Requirement 12.1, as they enable your management, staff and third-party suppliers to understand what they specifically need to do to ensure that sensitive cardholder data is protected.

How often should I do this?

Once established, your PCI Security Policies should be re-evaluated after any major change to your systems. At a minimum, they are required to be reconfirmed and updated annually to keep them current with your business security objectives.

What will Risk Factory do?

  • Provide best practice PCI cardholder information security policies for your branding and implementation.
  • Deliver an additional template of recommended “control-level” procedures required for actually implementing the policies.
  • Conduct a workshop for management and key business stakeholders to ensure their understanding and finalisation of the policies for implementation.
  • Provide one year of telephone support from an information security policy specialist to answer any questions or issues you may have regarding the implementation of the policies.

What will I receive?

Is there anything I need to do in advance?

You’ll just need to ensure that the appropriate business stakeholders are available to attend the workshop. If you have any questions, don’t hesitate to contact the Factory Foreman.