Statement to execution...

Many policies fall short on delivery when dealing with operational procedures, stating only that they operate in a secure - or compliant - manner.


Can you be certain that your operating documentation contains procedures to follow through on intent - showing how you perform compliant card processing?


  • Policies that cross reference against the full PCI Data Security Standard
  • Written procedures to support policies
  • Documentation for all aspects of card processing operations

Content

The policy documentation pack you receive is organised hierarchically. All documents have been arranged to assist with implementation and cross reference against the PCI Data Security Standard.



 

On purchasing the pack, you will receive:

Policies. These are the actual policies that state your organisation's stance on every aspect of card processing. Your policy documents are organised into two levels. The top level consists of one overall strategic organisational policy. The remaining policies are referenced by this policy.

All policies cross reference to the PCI Data Security Standard. The cross reference is contained in a separate document that details a one-to-one mapping between each of the 12 PCI DSS sections and the policy reference contained in the pack.

Procedures. Sitting just below policies in the document hierarchy are Procedures. Whereas policies state your organisation’s stance on aspects of its card processing operations, procedures show how you go about achieving these aims.

Of the documents contained in our policy pack, it is normally the procedures that you will need to spend most time customising. The procedures are quite specific to your organisation’s approach to handling card data. We appreciate this and – rather than be prescriptive – we have provided actual examples to demonstrate the level of detail that you should be working to, along with some real-life examples that might apply to your particular arrangements.

Forms. To support your procedures, we have provided a number of sample forms. These documents, once implemented, should be regularly updated (where applicable) to assist with operations and demonstrate that particular procedures are being followed.

Supporting information includes a getting started guide. It introduces the pack, how it all hangs together and how it can be customised to meet your PCI compliance requirements.

Additional Information

  • One to one mapping between each section of the PCI Data Security Standard and individual policies.
  • Developed and maintained by our in-house, experienced QSA team.
  • Can be purchased using our off the shelf customisation guide or on-site QSA consultancy service.
  • Has been successfully delivered to many organisations across the world over several years.

© 2010 Ambersail Ltd