Jason Holstine Ministries
Information Security Policy

Overview

This policy is intended to relay the importance of security and protecting cardholder data.

Purpose

This policy applies to all employees and systems of Jason Holstine Ministries and The Moveable Church.

Policies to Protect and Manage Cardholder Data

The importance of protecting cardholder data is paramount. Allowing data theft or destruction, inadvertently sharing confidential information, infecting system networks with viruses, misuse of company resources, allowing the theft of company property, and allowing the compromise of private or confidential company or client information are all very real examples of what might result from a security compromise. Hence the following measures:

1.0 A firewall is established and maintained between cardholder data and anybody other than those who have explicit permission.

2.0 All default logins and passwords are changed when installing any new software.

3.0 Strong cryptography and security protocols, such as SSL, SSH, TLS or IPSEC, are used to safeguard sensitive cardholder data during transmission over open, public networks.

4.0 All sending of unencrypted Primary Account Numbers (PANs) by end-user messaging technologies (i.e., email, instant messaging, and chat) is strictly prohibited. If a PAN must be sent by end-user messaging, only email is allowed and the PAN will be encrypted using WinZip. The WinZip password will be communicated to the end user by means other than end-user messaging (phone or fax is allowed).

5.0 JHM / TMC uses, updates, and maintains McAfee anti-virus software on all systems.

6.0 All software is updated with vendor-supplied patches in a timely manner, all software applications are secured according to industry best practices, and all software applications are regularly tested, validated and monitored.

7.0 Access to system components and cardholder data is limited to only those authorized individuals whose job requires such access or who have a need-to-know. This authority is granted by senior management and reviewed annually.

8.0 All paper that contains cardholder data is to be identified and physically destroyed. No electronic cardholder data will ever be stored on any system within the JHM / TMC company.

9.0 Strict control is maintained over the internal or external distribution of any kind of media that contains cardholder data.

Policy Maintenance and Employee/Contractor Awareness

1.0 A review of this policy is conducted annually or as changes to the environment occur.

2.0 Usage of employee-facing technologies such as remote access, wireless, electronic media, internet and PDAs will adhere to the following:

3.0 One or more employees will be designated with security responsibility.

4.0 Incident response documents will be created, reviewed by all employees, and updated on an annual basis.

5.0 These security policies will be formally reviewed annually with all employees/contractors.

6.0 A list of Service Providers must be maintained. This list will be updated and reviewed by senior management when necessary, but at least every 180 days.

7.0 Due diligence is to be performed prior to the engagement of Service Providers. Procedures performed will include when possible:

Senior Management Approval:

Printed Name: La Donna Holstine
Signature: _________________________________
Title: CEO
Date: July 25, 2017

Revision History

Updated Feb 1, 2016
Updated July 25, 2017