Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security for all personnel.

This last section, Requirement 12, highlights the need for a solid policy framework that provides safety and security to the data protection mechanism in any organization.
  • 12.1 A security policy should be well established, well published and well maintained for effective results.
  • 12.2 A risk assessment should be implemented that helps identify assets and critical threats.
  • 12.3 For various critical technologies, a policy guide should be created that sets out the usage policy and clearly defines their proper use.
  • 12.4 The security policy and procedures of an enterprise should clearly define information security responsibilities of all employees.
  • 12.5 An individual or a team of individuals can be assigned information security management tasks.
  • 12.6 All employees must be well aware of the cardholder data security policies. To ensure everyone is aware of the same, a security awareness program must be conducted.
  • 12.7 It is essential to run a background check on a person before hiring them. This helps keep internal attacks at bay.
  • 12.8 Policies are required to manage service providers who have cardholder data that could suffer a breach.
  • 12.9 Service providers should inform customers that they are responsible for the security of the cardholder data which they possess. They should take full responsibility.
  • 12.10 In case of a system breach, a suitable response must be ready to deal with it. This calls for implementation of an incident response plan.
  • 12.11 It needs to be confirmed whether everyone is following the security policies and operational procedures. Reviews can be conducted on a daily basis to determine this.
