Wednesday, May 15, 2013

Seminar Notes - Miscellaneous Notes

If you take plastic, then PCI applies to you.

PCI Scope includes
     If you store, process or transmit cardholder data
     Any connected systems

When shredding, you must use cross-cut shredders

PCI doesn't care about signatures

You cannot use wireless or bluetooth keyboards
You cannot process email transactions
You cannot process voice recordings

Finance leads PCI in 60% of organizations. The remaining organizations use a team of Finance and IT.

PCI is a "business issue" not an "IT issue"

Compliance is "black and white".  Either you are compliant or you are not.

You can outsource processing, but not responsibility

The Attestation of Compliance (AOC) is usually signed by a C-level executive

You should only render services that you are fully qualified to do.

Local laws take precedence over PCI regulations

PCI Standards have a three-year lifecycle before changes are put in place
