Compliance and Regulatory PCI, ISO 9001 & ISO 27001

  • QMS audit and certification
  • Internal Auditor for ISO 9001

PCI DSS compliant

PCI DSS Requirements

Secure network

  1. A firewall configuration must be installed and maintained
  2. System passwords must be original (not vendor-supplied)

Secure cardholder data

  1. Stored cardholder data must be protected
  2. Transmissions of cardholder data across public networks must be encrypted

Vulnerability management

  1. Anti-virus software must be used and regularly updated
  2. Secure systems and applications must be developed and maintained

Access control

  1. Cardholder data access must be restricted to a business need-to-know basis
  2. Every person with computer access must be assigned a unique ID
  3. Physical access to cardholder data must be restricted

Network monitoring and testing

  1. Access to cardholder data and network resources must be tracked and monitored
  2. Security systems and processes must be regularly tested

Information security

  1. A policy dealing with information security must be maintained

PCI DSS Compliance Levels

Evangelos Neroladakis, Telecoms Professional, Technology specialist, Digital and Social media observer, Photography enthusiast