Comments on: Sample PCI-DSS Policy Part 6: Roles and Responsibilities

By: Chuck

Chuck — Tue, 24 Jan 2012 15:12:36 +0000

I subscribed to the newsletter. can you please send the policy template to me?

By: Mike

Mike — Tue, 05 Apr 2011 10:36:54 +0000

Please remember the PCI standard is there to protect your data. Just re-writing existing peoples work isn’t ideal. You will tend to skip other the actual point of the standard in favour of the “just tick the box” method.

You (depending on your merchant level) need to prove what you say in the policies. I had to write up something like 26 new policies. And document how, why and when certain procedures are performed. All employee’s had to re-sign a acceptable use policy etc etc etc….it is alot of work but worth it.

By: Andrew

Andrew — Tue, 28 Sep 2010 20:12:48 +0000

Is just rewriting all of this enough for the security policy. Do we have to create a whole incident response policy that goes in detail through the questions of 12.9.1?