Blog

Understanding and Meeting PCI Compliance Policy Requirements

Date published:

Feb 16, 2022

VikingCloud Team

SHARE ON
SHARE ON

Regardless of the security or compliance framework you are mapping to, there will always be an established set of requirements stating that your business must have documented policies, procedures and standards in place. In this post I will clarify the difference between the three, and over a series of posts to come, I will provide you with a full set of free PCI compliance policy templates that you can use for meeting the related PCI DSS compliance obligations.

What’s in your policy documents?

After you’ve conducted your risk assessment—which is the foundation of your security program and defines what risks you are looking to address—it will be necessary that you DOCUMENT the Executive Management wishes. The act of documenting their wishes, in terms of their expectations of how an organization is to be run, is generally called a policy.

Your PCI policy sets the tone for the organization about addressing existing payment security risks by establishing requirements of things that must be done; therefore, when writing a policy, it’s important that you use commanding words, such as shall, must, will, etc. When you see a “policy” with words such as may, might, or when possible, these fall into the category of a guideline.

So, in short, a policy defines that something must be done. It does not contain information that denotes how it is to be done or what the tools are; these are your procedures and standards. When examining a procedure document, we generally look for the instructions on how to perform a specific action, as required by the policy. Think of it like a recipe, and your standards are the ingredients.

When assessing for compliance, we shouldn’t care what you call your policy. What is important is that you have a documented position about how to address the risk that the topic looks to address.

Get started with your PCI compliance policy.

As I mentioned above, this post is the beginning of a series of blogs. Each post will include a free PCI compliance policy template that you can use to meet your compliance efforts. However, please note that you will still have to develop your own procedures and standards to meet the obligations documented in your policy.

SHARE ON

Related Blogs

Stay up-to-date on the latest happenings in Cybersecurity and PCI Compliance.
View all blogs
Blog
Sep 19, 2024
What is Automated Penetration Testing?
Blog
Sep 12, 2024
ISO 27000 Family Standards
Blog
Sep 6, 2024
What is ISO 27001?
Andrea Sugden
Chief Sales and Customer Relationship Officer
Let’s Talk
To get started with a VikingCloud cybersecurity and compliance assessment, email, call or click:
Contact Us
Connect with us:
Stay in the know
Get VikingCloud Resources, News, & Views delivered straight to your inbox.
Solutions
Cybersecurity
Compliance & Risk
Security Testing
Asgard Platform
Why AsgardTourTechnology
About Us
Why VikingCloudLeadershipJoin Our TeamNews & Media
Resources
BlogEventsReports & White PapersWebinarsCase StudiesPress & NewsVlogsVideosInfographicsProduct DatasheetsCybersecurity GlossaryMedia Kit
Login
Asgard PlatformMyVikingCloudDigital Certificates Control CenterWeb Risk Monitoring
Contact
Contact Us24x7 Support
©2024 Viking Cloud, Inc. or its affiliates.