With the emergence of compliance as one of the key business challenges Australian businesses face, ICE Systems can help shed light on what can be an uncertain area for IT and business decision makers.
Government regulators both in Australia and the US have created a large set of regulations and frameworks to enforce protection of information, privacy and transparency of information.
Whether the challenge is meeting specific regulatory compliance requirements or implementing a best practice framework, our team of experienced consultants will ensure maximum business benefit is derived from the process.
PCI DSS Compliance
The Payment Card Industry (PCI) Data Security Standard (DSS) was developed by the PCI Security Standards Council, including American Express, MasterCard and Visa (plus many others), to help proactively protect customer data on a global basis. PCI compliance has become a business requirement for any company involved in the processing of credit card information. The data that PCI DSS is specifically trying to protect is the 16-digit account number on the front of your credit card. (Other personal information such as customer name, expiry and PIN is covered by other privacy standards and legislation.) A company processing, storing, or transmitting credit card numbers must be PCI DSS compliant or it risks losing the ability to process credit card payments.
The core of the PCI DSS is a group of principles and accompanying requirements, around which the specific elements of the DSS are organized:
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security