Want a Word document copy of the entire policy template? Sign up for theĀ PCI DSS Guru newsletter and receive a free copy that you can edit and use in your organization!

(7.1) Procedures for data control must be maintained by each department and must incorporate the following:

  • Access rights to privileged User IDs are restricted to least privileges necessary to perform job responsibilities
  • Assignment of privileges is based on individual personnel’s job classification and function
  • Requirement for an authorization form signed by management that specifies required privileges
  • Define access needs and privileges for each job role.