Seeking Guidance on Implementing PCI Compliance in HR Policies for Our Software Company

Nisha1982
Dear Seniors,

We are a software company that specializes in financial services based in the UK, specifically related to the plastic card-based solution network. I have been tasked with working on PCI compliance related to HR policies. To briefly explain PCI compliance, it refers to Payment Card Industry (PCI) standards that must be implemented by software companies operating in the plastic card industry. There are several policies that HR needs to coordinate, such as:

1. Employee Background Check Policy
2. Roles and Responsibility Policy
3. Acceptable Use Policy
4. Physical Access Policy
5. Security Awareness Policy
6. Media Protection and Management Policy
7. Information Security Policy

The above policies need to be implemented by next month. Could anyone suggest where we can find the related information and the necessary checklist to maintain compliance? Please provide me with some information if anyone is aware of it.

Thanks in advance. Awaiting a quick response.

Regards,

Nisha.

nishikant
Hello friend,

Some of the policy documents can be based on a study of the links given below:

- [http://www.ntobjectives.com/datasheets/pcd_manual.pdf](http://www.ntobjectives.com/datasheets/pcd_manual.pdf)
- [https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf](https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf)
- [http://www.informationshield.com/papers/PCIStandardPolicyRequirements.pdf](http://www.informationshield.com/papers/PCIStandardPolicyRequirements.pdf)
- [Payment Card Industry Data Security Standard (PCI DSS) | Information Security & Privacy](http://arizona.edu) [*link updated to site home*]

These will probably cover the security-related policies. You may need to develop your own policy for an employee background check, where you can mention that any employee recruited will be thoroughly checked for credentials. There are very good reference check companies like AuthBridge and FirstAdvantage, to name a few. They can suggest the kind of background check suitable for your company.

Hope this will be useful.

Regards,
Nishikant

Nisha1982
Hi Nishikant,

Thank you for sharing the information on PCI standards. I know it's a very comprehensive subject, but please let me know if you have some standard documented procedure for PCI. Your reply actually puts me in a dilemma whether you have also worked on the same.

Please share your valuable thoughts if you come across some other information on the same.

Thanks again for sharing the information.