Businesses that need to comply with the Payment Card Industry Data Security Standard (PCI DSS) may find it easiest to use pre-made compliance security policy templates, which PCI DSS experts in many countries and industries can use.
Compliance with the standard is paramount in many businesses, but it can be difficult to achieve without documentation that has been researched and penned by experts in the field. The demand for compliance is only expected to grow as local and federal governments continue to require improved cyber security measures.
A good template will feature step-by-step instructions that are unique to merchants and service providers.
It’s important to note that opinions are split on whether ensuring a business is compliant is up to the IT team specifically, or to every employee at the company. According to ZDNet, Woolworths information risk manager Peter Cooper believes all members of an organisation are responsible for helping a business become PCI DSS compliant.
“One of the misconceptions about PCI compliance is that [Woolworths] thinks that it is my job. PCI compliance is everybody’s job,” he said, speaking at the recent CeBIT Future of Payments conference in Sydney.
“Not only am I responsible for delivery of PCI compliance at the company, but all of the people in the company can damage our level of compliance if they are not careful about what they are doing.”
Mr Cooper concluded that PCI compliance can almost be described as a “state of mind” that must exist everywhere in a company.
Whether it’s through a template or a third-party service, it’s clear that compliance is a goal all companies need to strive for. In addition to lowering the chance of data breaches, it also helps businesses learn how to better respond to incidents if and when they do happen.