Does anyone here have experience implementing PCI DSS (Data Security Standard)

Moonlight17

#1
Hi All,
Does anyone out there have any experience with implementing PCI (Payment Card Industry Security Standards Council) DSS (Data Security Standard)? :bigwave:
 
Moonlight17

#4
Thanks Steve,
We are getting started with this and have had a preliminary assessment by a local company as part of our gap analysis.
I have been looking for information posters that we can post on Notice Boards and the intranet to share with staff. Also internal training methods - something basic we can pass on to all production staff.
Do you have anything you can share Steve?

Many thanks
 

SteveK

Trusted Information Resource
#5
Other than a Corporate Information Security Policy - which I basically pinched from the 'ether' and isn't really specific to PCI - I haven't got anything. Sorry.

Steve
 
infosaas

#6
Yes, have done two of these so far.

I guess that you have already been to the PCI DSS website and downloaded the assessment framework (now at version 3.0). Much of it is a direct match to some of the elements of ISO27001, whereas the key differences relate to specific technical controls which are not specifically highlighted by the 27k standard.

You also need to categorise your organisation into one of four levels, based around number of card transactions and values, which will determine the approach and resources you need to become PCI DSS certified. At the top end you will need to engage an "ASV" - an external security scanner approved to highlight technical vulnerabilities, and a "QSA" - an external security assessor to come on-site and conduct the assessment.

Hope this helps ....
 
Moonlight17

#7
Hi All,
Happy to share that we had our external assessment to PCI DSS (Level 1) in January and sailed through.

Thanks to all at the Cove for help and assistance. You are all :magic:
 
Moonlight17

#9
Hi there Ajay,

Many thanks for your message.
We got through the stage 1 certification in January - no problem.
This was for the document storage/access control/security.

We will move on to stage 2 next - so may be calling for help again soon!!

Thanks again :thanks:
 