PCI DSS: Policies and procedures

Requirement 12 of the PCI DSS (Payment Card Industry Data Security Standard) requires organisations to actively manage their data protection responsibilities by establishing, updating and communicating security policies and procedures aligned with the results of regular risk assessments.

Deploying security technologies can only go so far in protecting an organisation and helping maintain compliance. Policies are needed to address the weak link in security – people.

If people don’t know or understand what’s expected of them, they can put cardholder data at risk, regardless of the other security measures you have in place. Policies play an important role in securing data. They are the foundation for everything else, as they provide direction and instruction and assign responsibility.

Join our QSAs (Qualified Security Assessors) to understand how to develop PCI policies, including:

  • The differences between a policy, a form and a procedure;
  • How to identify which policies and clauses you need to address; and
  • How to clearly state your organisation’s tasks and responsibilities when handling payment card data.