Discover Meal Prep San Antonio's rigorous commitment to data security with our PCI DSS Policy. Learn how we safeguard payment card data through encryption, access controls, and compliance measures, ensuring the trust and confidentiality of our customers' sensitive information.

​

1. Purpose The purpose of this policy is to establish guidelines and procedures for Meal Prep San Antonio's compliance with the Payment Card Industry Data Security Standard (PCI DSS). This policy outlines the measures that Meal Prep San Antonio will take to ensure the security of payment card data and maintain the trust of its customers.

​

2. Scope This policy applies to all personnel, systems, processes, and technologies involved in the handling, processing, transmission, and storage of payment card data within Meal Prep San Antonio.

​

3. Policy Statement

​

3.1 Data Protection and Security Meal Prep San Antonio is committed to protecting payment card data by implementing adequate security measures to prevent unauthorized access, disclosure, alteration, or destruction. Payment card data, including cardholder data and sensitive authentication data, will be safeguarded through encryption, access controls, and other necessary security mechanisms.

​

3.2 Compliance with PCI DSS Meal Prep San Antonio shall adhere to the Payment Card Industry Data Security Standard (PCI DSS) requirements. This includes maintaining compliance with the latest version of the PCI DSS and implementing necessary controls to ensure the confidentiality, integrity, and availability of payment card data.

​

3.3 Risk Assessment and Management Regular risk assessments shall be conducted to identify potential vulnerabilities and threats to payment card data. Mitigation strategies will be developed, implemented, and monitored to address identified risks effectively.

​

3.4 Access Controls Access to payment card data will be restricted to authorized personnel with a legitimate business need. User access will be granted based on the principle of least privilege, and strong authentication mechanisms will be implemented to ensure secure user identification and access.

​

3.5 Encryption Payment card data, both in transit and at rest, shall be encrypted using industry-standard encryption methods. Strong encryption protocols will be employed to protect data from unauthorized access or interception.

​

3.6 Security Awareness and Training All employees who handle payment card data will receive regular training on security best practices, the importance of PCI DSS compliance, and their roles and responsibilities in safeguarding payment card data.

​

3.7 Incident Response Meal Prep San Antonio will establish an incident response plan to address any potential security breaches involving payment card data. The plan will include procedures for detection, containment, eradication, and recovery, as well as communication with affected parties and regulatory authorities as required.

​

3.8 Auditing and Monitoring Continuous monitoring and auditing of systems and processes will be carried out to detect and respond to any unauthorized activities related to payment card data. Logs will be retained as required by PCI DSS for review and analysis.

​

4. Non-Compliance Non-compliance with this PCI DSS policy may result in disciplinary action, up to and including termination of employment. Additionally, non-compliance with PCI DSS requirements may expose Meal Prep San Antonio to legal and financial liabilities.

​

5. Review and Revision This policy will be reviewed and updated on an annual basis or whenever there are significant changes to the organization's payment card data environment or the PCI DSS itself.

​

6. Approval This PCI DSS policy is approved by Meal Prep San Antonio and will be effective as of 8/16/2023.

​

7. Document Control This policy will be maintained, distributed, and accessible through Meal Prep San Antonio. All personnel handling payment card data are responsible for familiarizing themselves with the policy and adhering to its requirements.

​

8. Contact Information For any questions or concerns related to this policy, please contact Support.

​

​