Does your business have a security awareness policy?
A security awareness policy helps with requirement (3.7) of the Payment Card Industry Data Security Standard (PCI DSS).
The policy is an important document that sets out how a business complies with PCI DSS. For example, there is a requirement which states that personnel need to be aware of and follow security policies and documented operational procedures for managing the secure storage of cardholder data on a continuous basis.
We cannot stress enough how important it is that all personnel handling cardholder data know about this requirement and how to meet it, rather than being left to make their best guess as to what they think is “secure enough”.
The news has many stories of businesses failing to comply with this requirement and the damage it causes a business as well as the stress it causes to their customers.
To help busy business owners meet the expectations placed upon them, there is a template security awareness policy available at no additional charge through our PCI programme, which can be used to get you started.
The template is easy to complete. Once it has been completed the policy must be shared with employees and stored in an accessible location.
It is also recommended that employees review the policy every year, so that it is not forgotten. Best practice is therefore to ask employees to sign an acknowledgement after they have read the policy and any updates, giving them an opportunity to ask any questions.
In addition, it is important that all employees know who to call if they suspect a data breach or the card machine is stolen. Failure to act promptly on such matters could have serious consequences for the business and cardholders. Data breaches will invariably be discovered, so the sooner they are reported to the relevant persons, the quicker action can be taken to minimise the adverse consequences for all concerned.
Every year business owners who use card terminals are asked to attest that they are following the PCI DSS rules.
Consumers trust businesses to protect their cardholder data, and having a security awareness policy is a great way to document that you have secure processes. More than this, by thinking about your security you are less likely to suffer a data breach.
If you have any questions concerning security awareness policies or PCI DSS compliance please contact our customer services team in the first instance on 0333 311 0200.