PCI Requirement 12.8 & 12.8.1 – Maintain and Implement Policies and Procedures to Manage Service Providers with whom Cardholder Data is Shared
by Randy Bartels / July 3rd, 2018
Service Providers with Access to Cardholder Data
No organization can do everything itself. Back-up tape storage facilities, web-hosting companies, security service providers –…
PCI Requirement 12.7 – Screen Potential Personnel Prior to Hire
by Randy Bartels / July 3rd, 2018
Screening Candidates
PCI Requirement 12.7 impacts your human resources department and hiring process. We've focused so much on external risks, but PCI Requirement 12.7…
PCI Requirement 12.6.1 – Educate Personnel Upon Hire and at Least Annually
by Randy Bartels / July 3rd, 2018
Education for Personnel
As part of your security awareness program, PCI Requirement 12.6.1 asks that you educate personnel upon hire and at least…
PCI Requirement 12.6 – Implement a Formal Security Awareness Program to Make All Personnel Aware of the CHD Data Security Policy and Procedures
by Randy Bartels / July 3rd, 2018
Developing a Security Awareness Program
PCI Requirement 12.6 requires that your organization implement a formal security awareness program to make all personnel aware…
PCI Requirement 12.5.5 – Monitor and Control All Access to Data
by Randy Bartels / July 3rd, 2018
Someone to Monitor and Control All Access to Data
PCI Requirement 12.5.5 states, “Monitor and control all access to data.” Really, this is…