Address and close compliance and security gaps relating to PCI DSS Requirement 12
Establishes or updates security policies, procedures and documentation to ensure compliance with PCI DSS security policy needs as stipulated in Requirement 12
Review, update, and development of policies and procedures
Clearer well-defined policies means quicker, more thorough path to achieving and sustaining compliance
Defined progression towards PCI compliance
Streamlined policy development from identification through design to close gaps with new or updated policies
Policies and procedures designed by security experts, wireless experts and PCI compliance experts
Helps ensure that new processes, procedures or technologies do not introduce new risks or compliance threats
Provides final set of policies, procedures and documentation
PCI security policies are fully documented policy and implementation best practices are recommended
Increased staff awareness of security practices
With focus on security policies, overall security is improved, especially as related to PCI compliance and data security
Single trusted security partner
Part of end-to-end suite of Motorola PCI Security Services for seamlessly synchronized implementation
At a Glance: PCI Policy and Procedure Design Service
| What PCI Policy and Procedure Design Offers: | What it means to you: |
| Policy Review | Review of existing company security policies and practices; conduct interviews with staff to assess awareness of PCI-related security practices: -
Determine currency of policy assessment data -
Updates existing policies and procedures to close compliance and security gaps -
Interviews with stakeholders captures level of awareness of PCI DSS compliance requirements, and of overall company security policies |
| Policy Analysis | Determine the policy or set of policies required and identify as new or revised Clear direction for reducing risk and achieving compliance -
Improves overall security as well as compliance objectives -
Establishes the agreed-upon set of Information Security policies you will implement |
| Policy Development | Write, review and approve policies; map to PCI DSS requirements and identified gaps in customer compliance posture Policies and procedures designed by security experts, wireless experts, and PCI compliance experts* -
Helps ensure that new processes, procedures, or technologies do not introduce new risks or compliance threats -
Faster and less costly than internal development -
Lowers cost of compliance through operationalizing policies and procedures |
| Executive Summary | Deliver final set of written policies and procedures; prepare final report for customer records Clear communication of the impact of policy and compliance -
Provides clarity of roles and responsibilities for ongoing compliance activities -
Easier path to compliance with formal policies and procedures that document your efforts and actions to reduce risk and sustain compliance |
* Motorola is a member of the PCI Security Standards Council.
NOTE: For complete program details and information about availability in a specific country or geography, please contact your local Motorola representative.
The non-technical side of PCI compliance You’ve designed your network with security in mind. You’re monitoring and testing your network regularly, installing security patches when they become available, and keeping your anti-virus software up to date. From a systems standpoint you’re doing everything you can to protect your customers and yourself from data and security breaches.
Regardless of how many technical solutions your organization implements, your compliance efforts will not succeed over the long term unless people and processes in the organization are in alignment as well. In order to maintain adherence to the PCI standard, you not only need to be vigilant, monitoring systems 24 x 7, but also ensure that the right policies, procedures and processes are in place and enforced throughout the enterprise.
Streamlined policy development tailored to your business The Motorola PCI Policy and Procedure Design service can help you with the human side of PCI compliance. Under this service Motorola engineers from the Motorola Security Services team work with you to ensure that the information security policies and procedures to fulfill Requirement 12 of the PCI Data Security Standards are established.
The service starts with pre-Policy Assessment activities as we:
- Gather data on existing security procedures and policies
- Discuss your company’s strategy, security goals and business needs
- Interview employees to understand the level of awareness and adherence to existing PCI-related security policies and to better understand your company’s business model, and the scope and depth of the PCI security policies required.
Once we have a thorough understanding of the security practices you follow, the Motorola Security Services team will examine your organization’s existing security policies and processes to measure their effectiveness and the degree that they fulfill PCI requirements. As a result, some of your current security policies might need to be updated. Motorola Security Services will work with your security and operational staff to ensure that these changes are aligned with the organization’s operations and needs. If a new policy is required to address specific requirements, Motorola Security Services will work with your team to craft a policy that is aligned with your business strategy and that will help your business to stay PCI compliant.
After consideration of the existing PCI-applicable policies, Motorola will address security in three functional domains: Technology, Management, and Operational. For each of the defined policies within these domains, we will identify a spectrum of procedures that can best implement the policies of that domain.
Once these policies are reviewed and approved by you, the findings are presented in an executive summary demonstrating how the new policies and documentation meet PCI DSS requirements. A final set of Policies and Procedures is delivered, along with recommended procedures for policy implementation and communication to your employees.
Availability PCI Policy and Procedure Design Service is currently available in the U.S., Argentina, Brazil, Canada, Mexico, Bulgaria, Czech Republic, France, Germany, Greece, Hungary, Israel, Italy, the Middle East, Netherlands, Norway, Poland, Portugal, Romania, Russia, Spain, Sweden, Turkey, and the UK/Ireland. For complete program details and information about availability in a specific country, please contact your local Motorola representative or visit:
www.motorola.com/enterprise/contactus
PLACEHOLDER
PCI Planning and Assessment Service
