Compliance Benefits Begin with a Plan

WHAT IS IT? 

A comprehensive, company-wide policy that addresses information security for all personnel is an integral part of PCI-DSS Compliance. An effective Policy and Procedures document ensures that every member of your organization has the necessary information and practices for maintaining year-round compliance.

WHY DO I NEED IT?

Many companies find it fairly easy to achieve one-time PCI-DSS compliance, but once the audit is over, they often struggle to stick to industry best practices, leaving their information vulnerable to loss and theft.

Maintaining compliance continually, and not just after an audit, requires a written set of standardized policies and procedures that your personnel can rely on every day. These standards must be up to date, accurate, and specific enough to ensure that they can be followed in your daily operations.

CAN I DO IT MYSELF?

A comprehensive Policy and Procedures document is one of the most important components of PCI-DSS compliance. Many organizations try to cut corners by creating one on their own, without the necessary knowledge and expertise—often resulting in disastrous omissions or unclear language that hinders compliance.

At MegaplanIT, we know this can be a challenging and costly part of maintaining PCI-DSS compliance, which is why we include Information Security Policy and Procedure Assistance in our bundled services at no extra charge.

Our expert QSAs will partner with your IT staff to create a customized Policy and Procedures document. This blending of technical knowledge and expertise with insight on your unique environment allows for the creation of a tailor-made protocol that integrates seamlessly with your business’s existing procedures and operating system to effectively address each aspect of your information security needs. 


MegaplanIT’s Policy and Procedure Assistance: How it Works

MegaplanIT’s Policy and Procedure Development Process consists of three phases:

1. Policy and procedure data gathering

Our expert security consultant will begin by collecting and evaluating information about your existing security policies and working with your staff to define your company’s objective.

Once we’ve established your goals, MegaplanIT will conduct face-to-face interviews with key members of your information security team to gain an in-depth understanding of your IT operating environment. These comprehensive interviews will enable us to develop a thorough framework for your specific Policy and Procedure development process.

2. Documentation development

After the initial detailed evaluation of (1) your current policies and procedures and (2) the IT operations that fall within the scope of PCI requirements, your MegaplanIT consultant will work with you to draft a comprehensive Policy and Procedures document that most effectively supports your PCI compliance initiative.

3. Draft review, modification, and final delivery

Finally, your MegaplanIT consultant will review your newly drafted Policy and Procedures document with your designated representative to verify that all security compliance objectives are thoroughly addressed. We’ll also address any remaining questions or concerns you may have and make requested additions or modifications to your document. Once everything has met your approval, your MegaplanIT consultant will deliver the final, ready-to-implement Policy and Procedures document. 

MegaplanIT’s Security Policies

Our expert consultants bring hands-on experience from a wide range of industries and technical areas. Here is just a sample of the many policies we specialize in:

Security Management Policy
Third-Party Security
Policy Roles and Responsibilities
IT Change Control Policy
Data Classification and Control Policy
Data Retention and Disposal Policy
Data Access and Protection
Physical Access Security
System Protection
Paper and Electronic Media Policy

Firewall and Router Security Policy
System Configuration Policy
Anti-Virus Policy
Backup Policy
Information Encryption Policy
Special Technology Usage Policy
Software Development Policy
Security Incident Response Plan and Procedures
Employee Identification Policy

Security Awareness and Acceptable Use Policy
Hardware Configuration and Security Standards
Modem Use Policy
Laptop Use Policy
Disaster Recovery Plan - Security Standards
Development Life Cycle Practices
Policy Enforcement

MegaplanIT Security Templates

MegaplanIT has developed a variety of Security Templates that make creating a comprehensive Policy and Procedures document easy and efficient. Our specialized Security Templates include:

Media Inventory Log
Backup Media Transfer Log
Special Technologies User List
Special Technologies Device List
Encryption Key Custodianship Form

Backup Media Log
System Configuration Record
Visitors Log
Periodic Operational Security Procedures
Permitted Network Services and Protocols

Authorization Request Form
Security Awareness and Acceptable Use Policy
Change Request Form