Information Security (external)
The company has extensive policies, procedures, measures and controls in place to meet the technical and organisational measures required of an Information Security program. As these controls and measures require a large document regime, we retain our Information Security program externally from our compliance manual at [insert location/hyperlink to Info Sec program.]
[We have included a template for this document in 04_Info_Sec_Policies]
8.5 PCI Compliance
If you take, use or store cardholder data, then by law you must be compliant with the Payment Card Industry Security Standards Council's regulations and guidance. The Council is responsible for managing the security standards; however, it is the payment card brands (Visa, MasterCard etc.) who enforce compliance with the PCI Data Security Standard (PCI DSS).
The company confirms that we are PCI compliant and hold a valid certification which covers our payment system. Our staff are fully trained on the requirements of the PCI DSS and have prompt reminders, on screen or in hard copy format, when taking payments.