Payment Service Network, Inc. is a financial services firm that is dedicated to accurately facilitating funds transfers through an extensive online communications structure. Our online system serves to interconnect consumers, businesses and financial institutions.
The IT Department provides support for an Internet and Intranet architecture to support this mission. Payment Service Network, Inc. has custodial responsibility for confidential protected customer data as well as Payment Service Network business confidential data.
Payment Service Network takes this responsibility quite seriously, including providing adequate and appropriate security controls to ensure that the data remains both secure and confidential.
Information Security Policy Statement
The Payment Service Network Security Policy forms the foundation of the corporate Information Security Program. Information security policies are the principles that direct managerial decision-making and facilitate secure business operations. A concise set of security policies enables the Information Systems Department Team to manage the security of information assets and maintain accountability. These policies provide the security framework upon which all subsequent security efforts will be based. They define the appropriate and authorized behavior for personnel approved to use Payment Service Network information assets.
The Payment Service Network Security Policy applies to all employees, interns, contractors, vendors, and anyone using Payment Service Network assets. Policies are the organizational mechanism used to manage the confidentiality, integrity, and availability issues associated with information assets. Information assets are defined as any information system (hardware or software), data, networks, and components owned or leased by Payment Service Network or designated representatives.
The Payment Service Network Security Policies are used to define minimum security and control requirements for systems, applications, and networks managed, maintained, and administered by Payment Service Network. Supporting policies, included in this document, provide more detail in the areas of:
- Personnel Security
- Data Classification and Handling
- Physical Security
- System Security
- Network and Perimeter Security
- Access Control
- Software Security
- Outsourced Processing
- Risk Assessment
- Incident Response and Disaster Recovery
Payment Service Network uses networks, systems, and applications provided and managed by other Payment Service Network entities. Security policies, standards, and procedures are often dictated by the managing entity. If no policies, standards, or procedures are in place for these “non Payment Service Network” managed environments, the Payment Service Network Security Policy should be considered in effect.
The Payment Service Network Data Handling Requirements (refer to Data Classification Policy) shall determine the level of security required for processing, no matter which entity provides the technology.
Payment Service Network affiliates that have access to Payment Service Network managed systems, outsourced processing and storage facilities contracted by the IT Dept., and other “non Payment Service Network” entities that have a business need to share data that is under Payment Service Network custody must have sufficient controls to meet the requirements of Payment Service Network's Security Policy and relevant security policies and standards.
Policy Maintenance & Approvals
Policies and related standards must be current to support changes in the operating environment used by Payment Service Network. Changes introduced into the environment, such as the use of new operating systems, could require changes to existing technical security standards and/or additional standards to be developed. Changes to policies and standards could result in supporting procedure changes.
At minimum, the CIO or the CSO shall review the Corporate Security Policies and related standards and procedures every year to ensure they are appropriate and current.
References to Related/Supporting Policies and Standards