Comments on: A Sample Policy for PCI-DSS http://www.pcidssguru.com/policy/a-sample-policy-for-pci-dss/ Practical Implementation Guidance on the Payment Card Industry Data Security Standard Fri, 14 Jun 2013 06:29:56 +0000 hourly 1 http://wordpress.org/?v=3.4.2 By: Otavio Macedo http://www.pcidssguru.com/policy/a-sample-policy-for-pci-dss/comment-page-1/#comment-43622 Otavio Macedo Tue, 29 Jan 2013 16:40:03 +0000 http://www.pcidssguru.com/pci-dss/a-sample-policy-for-pci-dss/#comment-43622 Good tips! I was just looking for quick start guide like this. Now, suppose my company is applying for PCI compliance. Can I show the QSA only these general guidelines? Or will he ask me for the more specific standards and procedures? Good tips! I was just looking for quick start guide like this.

Now, suppose my company is applying for PCI compliance. Can I show the QSA only these general guidelines? Or will he ask me for the more specific standards and procedures?

]]> By: Bob Binney http://www.pcidssguru.com/policy/a-sample-policy-for-pci-dss/comment-page-1/#comment-4179 Bob Binney Tue, 12 Jul 2011 19:10:08 +0000 http://www.pcidssguru.com/pci-dss/a-sample-policy-for-pci-dss/#comment-4179 Looking forward to working with your policy template to begin the process. Looking forward to working with your policy template to begin the process.

]]> By: Tom Cornelius http://www.pcidssguru.com/policy/a-sample-policy-for-pci-dss/comment-page-1/#comment-41 Tom Cornelius Mon, 15 Sep 2008 20:20:56 +0000 http://www.pcidssguru.com/pci-dss/a-sample-policy-for-pci-dss/#comment-41 The interesting thing most people do not understand is that without the ability to document due care and due diligence on behalf of the company, the company can be found negligent for failing to adhere to known standards. The PCI DSS is a non-regulatory requirements, so the government does not have a play. However, being a legally-binding document, the PCI DSS can bring a Merchant into a courtroom. If one requirement from the PCI DSS is not met, the Merchant is technically non-compliant. If the Merchant is non-compliant, the Merchant is technically negligent. Where most business owners do not realize the risk is that insurance does not cover acts of negligence and the entire cost of the data breach, from fines to lawsuits and chargebacks will be completely left to pay by the Merchant. This could spell immediate bankruptcy for most Level 3 or Level 4 merchants. In simple terms, everyone needs robust policies and ensure those standards are being met. The cost of prevention is immensely less than that to clean up after a breach. The interesting thing most people do not understand is that without the ability to document due care and due diligence on behalf of the company, the company can be found negligent for failing to adhere to known standards.

The PCI DSS is a non-regulatory requirements, so the government does not have a play. However, being a legally-binding document, the PCI DSS can bring a Merchant into a courtroom. If one requirement from the PCI DSS is not met, the Merchant is technically non-compliant. If the Merchant is non-compliant, the Merchant is technically negligent.

Where most business owners do not realize the risk is that insurance does not cover acts of negligence and the entire cost of the data breach, from fines to lawsuits and chargebacks will be completely left to pay by the Merchant. This could spell immediate bankruptcy for most Level 3 or Level 4 merchants.

In simple terms, everyone needs robust policies and ensure those standards are being met. The cost of prevention is immensely less than that to clean up after a breach.

]]>