24. Media Device Protection Policy

Overview

In accordance with Payment Card Industry Data Security Standards (PCI DSS) requirements, UIT-PCI Compliance Services has established a formal policy and supporting procedures concerning media device protection. This policy is to be implemented immediately. It will be evaluated on an annual basis for ensuring its adequacy and relevancy regarding UIT-PCI Compliance Services’ needs and goals.

Policy

UIT-PCI Compliance Services will ensure that the Media Device Protection policy adheres to the following conditions for purposes of complying with the Payment Card Industry Data Security Standards (PCI DSS) initiatives (PCI DSS Requirements and Security Assessment Procedures):

• Authorized personnel are to conduct the following:
  • Maintain a list of all devices that capture payment card data, for which the list is to include the following:
    • Make, model of device
    • Location of device (for example, the address of the site or facility where the device is located)
    • Device serial number or other method of unique identification.
  • Periodically inspect all devices to ensure that they have not been tampered with nor substituted.
  • Adequately train personnel to be aware of suspicious behavior and to report tampering or substitution of devices.
  • Ensure that the list of devices is updated when devices are added, relocated, decommissioned.
  • Please have a written procedure of inspection to include the following:
    • frequency of the inspection
    • authorized personnel's names and job titles to perform the inspection
    • training material for the inspection
    • Evidence of the training
    • How to report suspicious behavior and indications of device tampering or substitution to appropriate personnel

Responsibility for Policy Maintenance

UIT’s PCI Compliance service is responsible for ensuring that the aforementioned policy is kept current as needed for purposes of compliance with the Payment Card Industry Data Security Standards (PCI DSS) initiatives.