Header Art

 

Enduring Knowledge Publications

 

Credit Card Security Policies

PCI DSS 2.0

Version 1.0 - October, 31, 2012

 

 CONFIDENTIAL INFORMATION

This document is the property of Enduring Knowledge Publications; it contains information that is proprietary, confidential, or otherwise restricted from disclosure. If you are not an authorized recipient, please return this document to the above-named owner. Dissemination, distribution, copying or use of this document in whole or in part by anyone other than the intended recipient is strictly prohibited without prior written permission of Enduring Knowledge Publications.

Introduction and Scope

Introduction

This document explains Enduring Knowledge Publication’s credit card security requirements as required by the Payment Card Industry Data Security Standard (PCI DSS) Program.  Enduring Knowledge Publications management is committed to these security policies to protect information utilized by Enduring Knowledge Publications in attaining its business goals.  All employees are required to adhere to the policies described within this document.

Scope of Compliance

The PCI requirements apply to all systems that store, process, or transmit cardholder data.  Currently, Enduring Knowledge Corporation does not store cardholder data in electronic format, nor does it process or transmit any cardholder data on their systems or premises.  Retention of cardholder data, if any, shall be limited to paper reports or receipts.

Due to the limited nature of the in-scope environment, this document is intended to meet the PCI requirements as defined in Self-Assessment Questionnaire (SAQ) A, ver. 2.0, October, 2010.  Should Enduring Knowledge Publications implement additional acceptance channels, begin storing, processing, or transmitting cardholder data in electronic format, or otherwise become ineligible to validate compliance under SAQ A, it will be the responsibility of Enduring Knowledge Publications to determine the appropriate compliance criteria and implement additional policies and controls as needed.

Requirement 9:  Restrict Physical Access to Cardholder Data

Physically Secure all Media Containing Cardholder Data

Hard copy materials containing confidential or sensitive information (e.g., paper receipts, paper reports, faxes, etc.) are subject to the following storage guidelines:

Destruction of Data

All media containing cardholder data must be destroyed when no longer needed for business or legal reasons. (PCI requirement 9.10)

Hardcopy media must be destroyed by shredding, incineration or pulping so that card holder data cannot be reconstructed. Container storing information waiting to be destroyed must be secured to prevent access to the contents. (PCI Requirement 9.10.1)

Requirement 12:  Maintain a Policy that Addresses Information Security for Employees and Contractors

Service Providers

Enduring Knowledge Publications shall implement and maintain policies and procedures to manage service providers. (PCI requirement 12.8)

This process must include the following:

 

Return to Top