POLICY AND PROCEDURES
Every organization should have written policies and procedures that
clearly define the company's policies for protecting information and
data assets. This becomes even more critical regarding Payment Card
Industry Data Security Standards.
PCI DSS v2.0 states that companies must develop, implement and enforce
an Information Security Policy.
HEALTHINOVATION can provide your organization with consulting services
to meet this requirement. Our consultants, in conjunction with your
administrative and IT staff, will work together to create the necessary
documents.
The PCI DSS v2.0 policy and procedure requirements include, but are
not limited to the following:
- Anti-virus
- Data Classification & Control
- Data Control
- Data Retention & Disposal
- Employee Identification
- Encryption
- File Integrity
- Firewall & Router Security
- ID & Password
- Incident Response Plan
- IT Change Control
- Key Management & Storage
- Paper & Electronic Media
- Vulnerability Management
- Periodic Operational Testing
- Physical Access Controls
- Policy Roles & Responsibility
- Software Development
- Systems Configuration & Hardening
The HEALTHINOVATION Consulting Process
Our PCI DSS Policy & Procedure Development process consists of
these functions:
- Information Gathering - Our security consultants conduct a
series of interviews with your personnel to gain a better understanding
of your operating environment. This information serves as the framework
of the policy and procedure documents.
- Policy & Procedure Development - We create a
comprehensive set of policies and procedures that address your
company's needs to achieve PCI DSS compliance.
- Document Review - Your staff reviews the documents along
with the HEALTHINOVATION consultants to ensure that all of your
objectives are addressed.
- Document Release & Implementation - Upon your
approval of the policies and procedures, we provide a final version for
release and implementation. We can provide consulting services to
assist with the implementation, if necessary.
The Information Security policy and procedures documents serve as a
foundation for demonstrating due diligence in compliance with PCI
standards.
Your completed Information Security policies and procedures documents
also provide clarity in employee communications and provide a layer of
defense against liabilities associated with misconduct.