Super Team


POLICY  AND PROCEEDURES


Every organization should have written policies and procedures that clearly define the company's policies for protecting information and data assets. This becomes even more critical regarding Payment Card Industry Data Security Standards. PCI DSS v2.0 states that companies must develop, implement and enforce an Information Security Policy. HEALTHINOVATION can provide your organization with consulting services to meet this requirement. Our consultants, in conjunction with your administrative and IT staff, will work together to create the necessary documents.


The
PCI DSS v2.0 policy and procedure requirements include, but are not limited to the following:

  • Anti-virus
  • Data Classification & Control
  • Data Control
  • Data Retention & Disposal
  • Employee Identification
  • Encryption
  • File Integrity
  • Firewall & Router Security
  • ID & Password
  • Incident Response Plan
  • IT Change Control
  • Key Management & Storage
  • Paper & Electronic Media
  • Vulnerability Management
  • Periodic Operational Testing
  • Physical Access Controls
  • Policy Roles & Responsibility
  • Software Development
  • Systems Configuration & Hardening



The HEALTHINOVATION Consulting Process

 Our PCI DSS Policy & Procedure Development process consists of these functions:


  • Information Gathering - Our security consultants conduct a series of interviews with your personnel to gain a better understanding of your operating environment. This information serves as the framework of the policy and procedure documents.
  • Policy & Procedure Development - We create a comprehensive set of policies and procedures that address your company's needs to achieve PCI DSS compliance.
  • Document Review - Your staff reviews the documents along with the HEALTHINOVATION consultants to ensure that all of your objectives are addressed.
  • Document Release & Implementation - Upon your approval of the policies and procedures, we provide a final version for release and implementation. We can provide consulting services to assist with the implementation, if necessary.


 The Information Security policy and procedures documents serve as a foundation for demonstrating due diligence in compliance with PCI standards.

Your completed Information Security policies and procedures documents also provide clarity in employee communications and provide a layer of defense against liabilities associated with misconduct.