PCI Security Council Releases New Best Practices Document for PCI Compliance
On August 28th, the Payment Card Industry (PCI) Security Standards Council published an information supplement entitled “Best Practices for Maintaining PCI DSS Compliance,” which contains important guidance for all companies, including hotels, that store, process, or transmit cardholder data. In the document, the Council cited statistics demonstrating that “organizations that suffered a data breach were less likely to be compliant with PCI DSS than other organizations,” and stated, “[i]f organizations want to protect themselves and their customers from potential losses or damages resulting from a data breach, they must strive for ways to maintain a continuous state of compliance . . . .” Among the “best practices” recommended in the publication were the following: (1) assign ownership for coordinating security activities within your organization; (2) emphasize security and risk, not just compliance; (3) continuously monitor security controls; (4) promptly detect and respond to security control failures; and (5) develop performance metrics to measure success.
With the rise of data breaches and increasing scrutiny by regulators over data security practices, it is more important than ever for hotels to properly train employees and ensure that proper policies and systems are in place to adequately protect customer information, using guidance such as these best practices as a roadmap. Hotels can help protect themselves from the risk of a data breach by properly training their employees to comply with robust data-security practices and policies, using Venza’s PCI training modules or other custom learning solutions.
The Venza Group has partnered with the law firm Arnall Golden Gregory (AGG) to create a series of interactive eLearning modules to address PCI compliance in the hotel industry. Management, employees and IT are taught about the requirements they must support as part of the Payment Card Industry Data Security Standards. The Venza Group also has partnered with AGG to create an interactive eLearning module to train hoteliers on general privacy and security awareness issues and on sexual harassment prevention.