[PCI DSS 1.x] 12.1 Establish, publish, maintain, and disseminate a security policy that accomplishes the following

12.1 Examine the information security policy and verify that the policy is published and disseminated to all relevant system users (including vendors, contractors, and business partners)

Example of a Security Policy…

Is there somewhere I can go to get an example of a Security Policy for a small shop that doesn’t “intentionally” store card data?

Policy document

When writing a pci policy - do you need to address all requirements in pci-dss standard or those that relate to the SAQ you complete? If you answer N/A to one of the questions on the SAQ do you still need to have this item addressed in your policy?