ACCOUNT_JOB_COMPANY's (the “Company”) is in the business of
The Payment Card Industry Data Security Standards (the “PCI DSS”) is a mandated set of security requirements that apply to all transactions surrounding the payment card industry and the merchants or organizations that accept these cards as a form of payment.
The purpose of this PCI Compliance Policy is to:
This policy is intended to be used in conjunction with the complete PCI-DSS requirements as established and revised by the PCI Security Standards Council.
This Policy applies to all employees of the Company, any of our subsidiaries or their employees, systems, and processes involved in the storage, processing, or transmission of payment card information on the Website.
COMPANY_GOALS
(a) All payment card data transmitted over public networks must be encrypted
(b) Payment card data storage is strictly prohibited unless necessary for business purposes
(c) Access to payment card data is restricted on a need-to-know basis. The level of access is determined by job requirements; based on the least privilege model.
(d) Regularly monitor and test security systems and processes.
(e) Annual PCI training to all employees of the Company to ensure understanding of the policies and procedures surrounding this activity
Maintain an incident response plan outlining procedures to be followed in the event of a security incident.
Promptly report any suspected or confirmed security incidents to the designated security officer.
........................................