Information Security Policy

Dexter's SD:
Information Security Policy

Information Security

The Company handles sensitive cardholder information daily. Sensitive information must have adequate safeguards in place to protect the cardholder data, ensure cardholder privacy, and comply with various regulations, thus safeguarding the future of the organization.

The Company commits to respecting the privacy of all its customers and to protecting any customer data from outside parties. To this end, management is committed to maintaining a secure environment in which to process cardholder information.

Network Security
A high-level network diagram of the network is maintained and reviewed on a yearly basis. This diagram provides an overview of the cardholder data environment (CDE) and illustrates critical system components within the CDE.

Additionally, ASV should be performed by a PCI SSC Approved Scanning Vendor, where applicable. Evidence of these scans should be maintained for 18 months.

Acceptable Use Policy
Management intends to protect the employees, partners, and the Company from illegal or damaging actions, whether knowingly or unknowingly by individuals. An approved list of technologies and devices will be maintained.

Protect Stored Data
All sensitive cardholder data must be securely protected against unauthorized use at all times. Any sensitive card data that is no longer required for business purposes must be discarded securely.

Information Classification
Data containing sensitive information must be labeled to indicate its sensitivity level. Confidential data includes cardholder data, while internal use data includes information that should be protected from unauthorized disclosure.

Access to Sensitive Cardholder Data
Access to sensitive cardholder information should be controlled and authorized. Any display of cardholder data should be restricted to the first 6 and last 4 digits.

The Company will ensure that a written agreement is in place for any third-party service providers that have access to cardholder data.

To ensure compliance, the Company will establish a process to monitor the PCI DSS compliance status of service providers.

For any inquiries regarding our Information Security Policy, please contact us.

Contact Us for More Information

Share with friends & Get 5% off