Question

I have bought the PCI Compliant Security Policies and Procedures document from pcipolicy. Their written policies are OK. However, the document does not help me with procedures. They just give the same suggestions as https://www.pcisecuritystandards.org/

My question is: has anyone ever purchased them, and how good are they? I am interested in purchasing documents from pcipolicyportal; would you suggest it?


Solution

Procedures written by someone who has never seen the systems you have, and who has no idea how you manage your systems, are unlikely to be very useful for anything other than ticking a box. In addition, while that box may ask whether or not you have procedures, if the procedures don't reflect how you run your systems then they would probably be rejected by a QSA who is on the ball.

You could consider an approach of creating procedure documents as you go for a couple of months - each time you perform a task, document the steps that you undertake.

Procedures for PCI don't have to be in a given format or style, they just need to show enough information that the procedure (e.g. how you do system patching) can be understood.

Licensed under: CC-BY-SA with attribution