PROTEL BPO PCI-DSS Policies Portal
Protecting Cardholder Data is Everyone’s Responsibility
Welcome! This page provides important information about how we protect sensitive payment card data and what is expected from all employees.
What you need to do:
Review the policies listed below
Focus on policies applicable to your role
Complete the Acknowledgment Form after reviewing
Policy Applicability (IMPORTANT FOR USERS)
Not all policies apply to every employee. Please follow the guidance below:
All Employees (Agents, Staff, Contractors):
Must review general security and acceptable use policies
Supervisors & Management:
Must review operational and compliance-related policies
IT Department & Technical Teams:
Must review all technical, security, and infrastructure policies
PCI DSS Policies (Requirements 1–12)
Policy: Network Security Policy
Summary:
Defines how network systems (firewalls, routers, segmentation) are secured to protect sensitive data and prevent unauthorized access.
Who must review:
IT Team (Mandatory)
Management (Recommended)
Acknowledge Here: Link
Policy: Vulnerability Management Policy
Summary:
Defines how vulnerabilities are identified, scanned, tested, and remediated to protect systems from security threats.
Who must review:
IT Team (Mandatory)
Acknowledge Here: Link
Policy: Encryption of Transmitted Data Policy
Summary:
Ensures that all sensitive data is encrypted during transmission using secure protocols.
Who must review:
IT Team (Mandatory)
Management (Recommended)
Acknowledge Here: Link
Policy: Asset Management Policy
Summary:
Defines how company assets are tracked, managed, and secured throughout their lifecycle.
Who must review:
IT Team (Mandatory)
Asset Owners / Supervisors (Required)
Acknowledge Here: Link
Policy: System Administration Policy
Summary:
Defines system hardening, configurations, and security standards aligned with CIS benchmarks.
Who must review:
IT Team (Mandatory)
Acknowledge Here: Link
Policy: Password & Access Policy
Summary:
Defines authentication, password requirements, and access control rules to ensure only authorized users access systems.
Who must review:
ALL Employees (Mandatory)
Acknowledge Here: Link
Policy: Information Security Policy
Summary:
Provides overall security guidelines and responsibilities for protecting company information.
Who must review:
ALL Employees (Mandatory)
Acknowledge Here: Link
Policy: Physical Access Policy
Summary:
Defines controls to restrict physical access to sensitive systems and areas.
Who must review:
All Employees (Awareness)
IT & Management (Mandatory)
Acknowledge Here: Link
Policy: Change Management Policy
Summary:
Defines how system and infrastructure changes are controlled, approved, and documented.
Who must review:
IT Team (Mandatory)
Management (Required)
Review Policy: Link
Acknowledge Here: Link
Policy: Acceptable Use Policy
Summary:
Defines acceptable and prohibited use of company systems and data.
Who must review:
ALL Employees (Mandatory)
Review Policy: Link
Acknowledge Here: Link
Policy: PCI Responsibility Assignment Policy
Summary:
Defines roles and responsibilities for maintaining PCI DSS compliance across the organization.
Who must review:
IT Team (Mandatory)
Management (Mandatory)
Review Policy: Link
Acknowledge Here: Link
Other Documents that must be reviewed
Policy: Security Awareness and Training Program V1
Summary:
Defines roles and responsibilities for maintaining PCI DSS Security Awareness Program.
Who must review:
IT Team (Mandatory)
Management (Mandatory)
Review Policy: Link
Thank you for taking the time to review these materials. Please remember that PCI DSS compliance is critical in our industry. It is essential that all applicable policies are reviewed and formally acknowledged. Failure to comply may put our organization’s compliance status at risk.