Solved

IT & Security Policies for PCI ISO certifications

Posted on 2014-12-20
Last Modified: 2015-08-09
Can anyone help me find the IT policies from the web, as templates or full documents?
Question by:shamnad

Accepted Solution

by:
btan earned 500 total points
ID: 40511511
You can check out:

ISO27001/2 for ISMS - the toolkit comes in handy with implementation guidance to fulfill the domains stated in the standard. The full list of the 27000 series is also summarised for a quick grasp. Of course, there are alternative commercial templates, for which you can get the sample.
Note the latest 27001 should be based on 2013 instead of 2005. This PDF states the details going into the clauses; it has a nice table mapping ISO/IEC 27001:2013 clauses to ISO/IEC 27001:2005.

PCI DSS - The best place to find out more about the security standard is still the main PCI DSS site itself, which lists the libraries and the version changes. The newest version is v3. These should be referenced mainly for self-assessment and subsequently for engaging external "checkers" for company compliance status.

SANS - This is another good place to find the standard IT security policy templates for network, application and servers. There are also general domains covering user acceptance and end user usage.

Public - There are also templates from the public sector sharing general IT security policy templates, though they are not specific to PCI or ISO. Do check out the incident mgmt and IT security sections.

SSAE16 (or SAS 70) - Here is another sharing of this standard, which you can chance upon often in security audit checks by companies proving their security control readiness based on risk assessment of their service offerings. The final output of the company compliance state is the Service Organization Controls (SOC) report. They can be of Type I or Type II or Type III.

Author Comment

by:shamnad
ID: 40517845
Thank you for your valuable info

Expert Comment

by:madunix
ID: 40914039

Expert Comment

by:btan
ID: 40914603
Let us know if these are alright, as the templates are more of a checklist; specifically, the SANS and the ISO 2700x toolkit links we shared are good starters. Eventually, if you are asked for compliance tools, look for SCAP-supported ones like Nessus, QualysGuard or the OpenSCAP tool. They have ready templates for specific standards. The NIST NVD shared has the SCAP template to run the checker.