_____ (Dealer) CREDIT SECURITY POLICY for EMPLOYEES Revised xx/xx/08
1. All IP Credit/Debit SW sites require: Properly configured FIREWALL, updated ANTI-VIRUS software, and one of the following applications: (DEALER should list their VALIDATED applications by name and version number here). If not, the _____ (Dealer) tech will not install or upgrade the site without a properly executed ______ (Dealer) CREDIT SECURITY WAIVER.
2. Database Backups: Always DELETED (or secured & validated) on hard drive (and network) during every INSTALL, UPGRADE, DIAL-IN, or ON-SITE call, if not previously performed. If site has any form of "logging" enabled (for troubleshooting), log must be DELETED as soon as work is complete.
3. IDs & Passwords (noted below) will be SET on every INSTALL or CHANGED during every UPGRADE. Items (a) and (b) will be performed on every DIAL-IN or ON-SITE call, if not previously performed.
a. Remote Support: (based on what product is used)
pcAnywhere. Customers (modem dial up or VPN only) still using pcAnywhere must provide: Username and Password unique for each site; Profiles for each account protected; Set to not start automatically when the computer is started; Each site's Remote and Host Profiles created in advance by ______ (Dealer) designated personnel* and distributed to those that need them. LOGGING will be activated for all sites.
NetSupport Manager (NSM). Each person accessing the NSM Gateway must have a unique username and password. pcAnywhere is no longer supported by ____ (Dealer). Customers (modem dial up or VPN only) may still utilize pcA providing: Username and Password unique for each site; Profiles for each account protected; Set to not start automatically when the computer is started; Each site's Remote and Host Profiles created in advance by ____ (Dealer) designated personnel* and distributed to those that need them. LOGGING will be activated for all sites.
b. Router/Firewall. Password changed from default vendor password to one unique to each site, created in advance by designated personnel*; Configured to not allow remote management of the Router/Firewall; Set active and all non-essential Router protocols disabled.

4. I will NEVER use the words “fully-compliant” in reference to any site, during any ___ (Dealer) business communication. I understand that following every step above applies to only 2 (out of 12) Categories and 19 (out of 185) Subcategories required by the Merchant to meet “full PCI compliancy”. Using the words "fully-compliant" misleads a person into thinking they have no added responsibilities, when in fact, a site has 185 responsibilities to be “fully-compliant”. I will communicate this often and always.

As a ____ (Dealer) associate, I have read, understand, and will follow this ____ (Dealer) EMPLOYEE CREDIT SECURITY POLICY, and I will properly communicate this policy.
DATE ______
EMPLOYEE______