Network Security.

PCI Data Security Standard and CCQ's Data Security Policy

Build and Maintain a Secure Network

PCI Requirement: Install and maintain a firewall configuration to protect cardholder data.

CCQ Policy: All of CCQ's computer are behind firewalls that are constantly being updated and all changes to our firewalls are logged.

PCI Requirement: Do not use vendor-supplied defaults for system passwords and other security parameters.

CCQ Policy: We do not use any vendor-supplied system passwords.

Protect Cardholder Data

PCI Requirement: Protect stored cardholder data

CCQ Policy: At no time does CCQ store full magnetic stripe data, PIN information or CAV2/CVC2/CVV2/CID information.

PCI Requirement: Encrypt transmission of cardholder data across open, public networks.

CCQ Policy: CCQ transmits all data using 128 bit SSL encryption.

Maintain a Vulnerability Management Program

PCI Requirement: Use and regularly update anti-virus software.

CCQ Policy: All servers maintained by CCQand have anti-ivirus software installed and definitions are updated regularly and audit logs are checked periodically.

Implement Strong Access Control Measures

PCI Requirement: Restrict access to cardholder data by business need-to-know

CCQ Policy: CCQ ensures that only employees that require access to cardholder data are granted access. CCQ performs full background screenings on all employees prior to hiring.

PCI Requirement: Assign a unique ID to each person with computer access.

CCQ Policy: Each user is assigned a unique user ID/password combination.

PCI Requirement: Restrict physical access to cardholder data.

CCQ Policy: Servers that hold all cardholder data are located in a secure facility. Only basic cardholder info is stored on our servers. No magnetic stripe data, PIN information or AV2/CVC2/CVV2/CID information is stored on CCQ-FM servers.

Regularly Monitor and Test Networks

PCI Requirement: Track and monitor all access to network resources and cardholder data.

CCQ Policy: All attempts to access network resources and cardholder data are logged and immediately altered to senior management at CCQ.

PCI Requirement: Regularly test security systems and processes.

CCQ Policy: CCQ undergoes extensive third party security tests against our systems and processes.

Maintain an Information Security Policy

PCI Requirement: Maintain a policy that addresses information security

CCQ Policy: A copy of CCQ's information security policy including external test results are available upon request.