All card processing activities and related technologies must comply with the Payment Card Industry Data Security Standard (PCI-DSS). Card processing activities must be conducted as described herein and in accordance with the standards and procedures listed in the Related Documents section of this Policy. No activity may be conducted nor any technology employed that might obstruct compliance with any portion of the PCI-DSS.
As a minimum, this policy shall be reviewed annually and updated as needed to reflect changes to business objectives or the risk environment.
1. Applicability and Availability
This policy applies to all employees. Relevant sections of this policy apply to vendors, contractors, and business partners. The most current version of this policy is available from the appointed Compliance Officer and from the Directors of the Company.
2. Adherence to Standards
Standards must be maintained for applications, network components, critical servers, and wireless access points. These standards must be maintained in line with on-going requirements of the PCI DSS Compliance. Standards must include:
- Updating of anti-virus software and anti-malware software
- Prohibition of wireless activity in the defined secure area
- Prohibition of group and shared passwords