______(Dealer name) CREDIT SECURITY WAIVER Revised xx/xx/07
______(Company Name) hereby declines the installation of software designed to comply with the current PCI Data Security Standard, and/or declines any of the other ______(Dealer) EMPLOYEE CREDIT SECURITY POLICY requirements as noted below, items 1-4. By so declining, we acknowledge our full responsibilities for any financial penalties incurred.
By (print) ______
By (signature) ______
Date ______
_____ (Dealer) CREDIT SECURITY POLICY for EMPLOYEES Revised xx/xx/07
1. All IP Credit/Debit SW sites require: Properly configured FIREWALL, updated ANTI-VIRUS software, and one of the following applications: (DEALER should list their VALIDATED applications by name and version number here). If not, the ______(Dealer) tech will not install or upgrade the site without a properly executed ______(Dealer) CREDIT SECURITY WAIVER.
2. Database Backups: Always DELETED (or secured & validated) on hard drive (and network) during every INSTALL, UPGRADE, DIAL-IN, or ON-SITE call, if not previously performed. If site has any form of "logging" enabled (for troubleshooting), log must be DELETED as soon as work is complete.
3. IDs & Passwords (noted below) will be SET on every INSTALL or CHANGED during every UPGRADE. Items (a) and (b) will be performed on every DIAL-IN or ON-SITE call, if not previously performed.
a. Remote Support: (based on what product is used)
pcAnywhere. Customers (modem dial up or VPN only) still using pcAnywhere must provide: Username and Password unique for each site; Profiles for each account protected; Set to not start automatically when the computer is started; Each site's Remote and Host Profiles created in advance by ______(Dealer) designated personnel* and distributed to those that need them. LOGGING will be activated for all sites.
NetSupport Manager (NSM). Each person accessing the NSM Gateway must have a unique username and password. pcAnywhere is no longer supported by ____ (Dealer). Customers (modem dial up or VPN only) may still utilize pcA providing: Username and Password unique for each site; Profiles for each account protected; Set to not start automatically when the computer is started; Each site's Remote and Host Profiles created in advance by ____ (Dealer) designated personnel* and distributed to those that need them. LOGGING will be activated for all sites.
b. Router/Firewall. Password changed from default vendor password to one unique to each site, created in advance by designated personnel*; Configured to not allow remote management of the Router/Firewall; Set active and all non-essential Router protocols disabled.

4. “Fully-compliant” cannot be used in reference to any site during any ______(Dealer) business communication. Following every step above covers only 2 (out of 12) Categories and 19 (out of 185) Subcategories required for meeting “full PCI compliancy”. A site has 185 responsibilities to be “fully-compliant”.