Information Security Policy (ISP)
An ISP outlines how your business processes payment cards safely and securely. PCI DSS requires every compliant business to have an Information Security Policy.
What it covers:
This document outlines the steps your business, staff, and any third parties must follow when handling sensitive data like card numbers.
Implementation requirements:
- Tailor the document to suit your business needs
- Store it securely in your business
- Ensure everyone reads and signs it
Review and update the policy annually to reflect any changes.
Getting the template:
You can access the ISP template by:
- Requesting it via email from the support team
- Downloading it from your PCI DSS online portal when completing your business profile
Next steps:
Once you confirm that you will implement, or already have, an Information Security Policy in place, this requirement will be automatically populated in the SAQ section of your online reporting.