Does anyone here have experience implementing PCI DSS (Data Security Standard)


Moonlight17

#1
Hi All,
Does anyone out there have any experience with implementing PCI (Payment Card Industry Security Standards Council) DSS (Data Security Standard)? :bigwave:
 

Moonlight17

#4
Thanks Steve,
We are getting started with this and have had a preliminary assessment by a local company as part of our gap analysis.
I have been looking for information posters that we can post on Notice Boards and the intranet to share with staff. Also internal training methods - something basic we can pass on to all production staff.
Do you have anything you can share Steve?

Many thanks
 

SteveK

#5
Other than a Corporate Information Security Policy - which I basically pinched from the 'ether' and isn't really specific to PCI - I haven't got anything. Sorry.

Steve
 

infosaas

#6
Yes, have done two of these so far.

I guess that you have already been to the PCI DSS website and downloaded the assessment framework (now at version 3.0). Much of it is a direct match to some of the elements of ISO27001, whereas the key differences relate to specific technical controls which are not specifically highlighted by the 27k standard.

You also need to categorise your organisation into one of four levels, based around number of card transactions and values, which will determine the approach and resources you need to become PCI DSS certified. At the top end you will need to engage an "ASV" - an external security scanner approved to highlight technical vulnerabilities, and a "QSA" - an external security assessor to come on-site and conduct the assessment.

Hope this helps ....
 

Moonlight17

#7
Hi All,
Happy to share that we had our external assessment to PCI DSS (Level 1) in January and sailed through.

Thanks to all at the Cove for help and assistance. You are all :magic:
 

Moonlight17

#9
Hi there Ajay,

Many thanks for your message.
We got through the stage 1 certification in January - no problem.
This was for the document storage/access control/security.

We will move on to stage 2 next - so may be calling for help again soon!!

Thanks again :thanks:
 