12.1 Examine the information security policy and verify that the policy is published and disseminated to all relevant system users (including vendors, contractors, and business partners)
[PCI DSS 1.x] 12.1 Establish, publish, maintain, and disseminate a security policy that accomplishes the following
[READ-ONLY] Archives [RETIRED] PCI DSS v.1.x Questions and Answers Maintain an Information Security Policy
Example of a Security Policy…
Is there somewhere I can go to get an example of a Security Policy for a small shop that doesn’t “intentionally” store card data?
When writing a pci policy - do you need to address all requirements in pci-dss standard or those that relate to the SAQ you complete? If you answer N/A to one of the questions on the SAQ do you still need to have this item addressed in your policy?