Purpose

This policy establishes a framework for responding to security incidents involving payment card data at Operation Technology Group, TJ’s MCS. It is designed to meet PCI DSS SAQ-A requirements, ensuring swift and effective action to mitigate risks, protect cardholder data, and maintain compliance.

Scope

This policy applies to all employees, contractors, and third-party vendors handling payment card data or systems that process, store, or transmit such data.

Policy

  1. Incident Identification
    • All employees must remain vigilant for potential security incidents, such as:
      • Unauthorized access to cardholder data.
      • Suspicious system behavior (e.g., unexpected changes, malware alerts).
      • Breaches or theft of physical devices storing cardholder data.
    • Any suspected or confirmed incident must be reported immediately to the designated incident response contact (e.g., IT administrator or compliance officer).
  2. Incident Containment

Upon identifying a security incident:

  • Immediate Actions:
    • Disconnect affected systems from the network to prevent further compromise.
    • Disable compromised user accounts.
    • Secure physical areas if physical theft or tampering is suspected.
  • Prevent Spread:
    • Halt payment processing activities if the breach affects cardholder data.
    • Block unauthorized IP addresses or restrict access to impacted systems.
  3. Investigation and Mitigation

After containment, an investigation must be initiated to determine the scope and impact of the incident.

  • Identify the root cause of the incident.
  • Assess the extent of exposure to cardholder data.
  • Take corrective actions, such as:
    • Removing malicious software.
    • Patching vulnerabilities in systems.
    • Strengthening access controls.
  4. Notification and Reporting

If the incident involves a confirmed breach of cardholder data:

  • Notify affected parties, including customers and stakeholders, as required by law.
  • Report the breach to payment brands, acquiring banks, and any regulatory authorities.
  • Provide a detailed summary of the incident, actions taken, and measures implemented to prevent recurrence.
  5. Recovery

Once the threat is eradicated, affected systems must be restored to normal operation.

  • Verify the integrity and security of systems before reconnecting to the network.
  • Monitor systems for any signs of recurring issues or new threats.
  • Resume payment processing activities only after ensuring all vulnerabilities have been addressed.
  6. Post-Incident Review

Following an incident, a review must be conducted to evaluate the response and identify areas for improvement.

  • Document the incident details, including the timeline, root cause, and actions taken.
  • Update security policies, procedures, and training based on lessons learned.
  • Conduct a follow-up review to confirm the effectiveness of implemented changes.
  7. Employee Training

Regular training sessions must be conducted to educate employees about recognizing security incidents and following the appropriate response procedures.

  8. Policy Review

This policy must be reviewed and updated annually or after any significant security incident to ensure continued alignment with PCI DSS requirements and best practices.

For more information on our Privacy Policy, you can visit https://optech.tech/privacy-policy.