 |
|
The PCI Data Security Standard
|
|
The Payment Card Industry (PCI) Data Security Standard is a set of comprehensive security requirements that applies to merchants and service providers who process and/or store payment card information. The standard was developed by Visa and MasterCard, and has now been adopted by the other major credit card issuing companies.
The part of the standard that relates to security awareness and training is section 12.6 which requires merchants and service providers to:
Implement a formal security awareness program to make all employees aware of the importance of cardholder data security.
- Educate employees upon hire and at least annually.
- Require employees to acknowledge in writing that they have read and understood the company’s security policy and procedures.
Merchants and service providers are also required to provide appropriate training to staff with security breach response responsibilities.
A Cosaint SA-Center™ is ideally suited to establishing a training program which couples new-hire training with annual re-training without excessive administrative. It also automates reporting of policy affirmation. And Cosaint's courses cover the key elements of information security that apply to employees' handling of credit card data.
|
