PCI DSS FAQ - Payment Card Industry (PCI) Data Security Standard Discussion Forum  

[PCI-DSS] Requirement 12: Maintain a policy that addresses information security

A strong security policy sets the security tone for the whole company and informs employees what is expected of them. All employees should be aware of the sensitivity of data and their responsibilities for protecting it.

#1
03-18-2007, 03:35 AM
admin
Administrator
Join Date: Jul 2002
Posts: 229
12.1 Establish, publish, maintain, and disseminate a security policy that accomplishes the following:

12.1 Examine the information security policy and verify that the policy is published and disseminated to all relevant system users (including vendors, contractors, and business partners)
#2
01-08-2009, 11:09 AM
ojm37
Junior Member
Join Date: Jan 2009
Posts: 2
Example of a Security Policy...

Is there somewhere I can go to get an example of a Security Policy for a small shop that doesn't "intentionally" store card data?
#3
11-12-2009, 06:37 AM
needaholiday
Junior Member
Join Date: Nov 2009
Posts: 1
Policy document

When writing a PCI policy, do you need to address all requirements in the PCI-DSS standard or those that relate to the SAQ you complete? If you answer N/A to one of the questions on the SAQ, do you still need to have this item addressed in your policy?
All times are GMT -4.

