Policies and Procedures

Policies and Procedures

PCI-DSS implies having and maintaining procedures and policies, having them drafted and implementing them. When many organizations face the PCI-DSS, they do not have the above or are not 100% adapted to the standard. A2SECURE provides support throughout this process.
This service is aimed at helping our clients throughout the whole process needed to adapt existing procedures or policies to the particularities of PCI-DSS, or directly to create from scratch the policies and procedures needed in line with the situation of the client.
Our aim is to minimize the impact and resources necessary for our clients.

Such projects are developed in a three-phase methodology which is detailed below:

“For eDreams, as low-cost flights leader, security is a key issue. That is why we work with A2SECURE.“

eDreams ODIGEO CTO

Initial Analysis

Developing a GAP Analysis project, our client’s particular situation is studied.
This is both its existing documentation and its implemented processes, although these are not documented. These are correlated with the standard for assessing the status of the organization’s compliance with PCI-DSS.
Conducting this study, it is possible to adapt or propose the policies or procedures necessary to comply with the standard.

Development

Based on the analysis developed in the first phase, it is possible to proceed to the documentation of policies and procedures as required by the standard. It is very important to develop this work bearing in mind the particularities of the client and its resources.

Implementation

Finally, having the policies and procedures comes the most important moment: their implementation. A2SECURE supports the client in this first phase of the set-up to ensure success through training and awareness campaigns.

Why A2SECURE?

As a QSA company and through our experience, we can help you to adapt PCI-DSS as much as possible to your business processes, not the other way around.

It is important to understand the norm and what is intended, in order to align the requirements to the particularities of your organization.

If you want to know more about our service, do not hesitate to contact us.

Consulta a un experto

Si quiere contratar alguno de nuestros servicios o hablar con un experto que le aconseje sobre nuestras soluciones, aquí encontrará nuestros datos para contactar con nosotros.