Q. (cont.) We currently do not have formal policies in that area and would like to see best practice involving other PCI-compliant companies. We do not want to reinvent the wheel here, but tweak it to our own needs.
A. We have two templates that you may find helpful. On the Network under Resources click the link AP Policy Manual and Templates – then go to the third page of results to find:
- Purchase Card Policy
- Purchase Card Policy—Code of Conduct
Q. Thank you for the response. However, my question was not in regards to purchasing cards. I was asking more about credit card handling by our AR team. We currently accept credit card payments over the phone and on our website. I was trying to see if you have or can get any policies or templates to address that kind of credit card handling. If we have the groundwork, we can tweak to our needs and make changes as we become PCI compliant.
A. My apology for the mix-up. We do not have a policy template specifically addressing card handling policy, but we will do some research to see if we can find something for you.
You are probably already familiar with the PCI Security Standards Council, but here is their web site and a link to a PCI Guide: