Network Security.

PCI Data Security Standard and CCQ's Data Security Policy
Build and Maintain a Secure Network
PCI Requirement: Install and maintain a firewall configuration to protect cardholder data.
CCQ Policy: All of CCQ's computer are behind firewalls that are constantly being updated and all changes to our firewalls are logged.
PCI Requirement: Do not use vendor-supplied defaults for system passwords and other security parameters.
CCQ Policy: We do not use any vendor-supplied system passwords.
Protect Cardholder Data
PCI Requirement: Protect stored cardholder data
CCQ Policy: At no time does CCQ store full magnetic stripe data, PIN information or CAV2/CVC2/CVV2/CID information.
PCI Requirement: Encrypt transmission of cardholder data across open, public networks.
CCQ Policy: CCQ transmits all data using 128 bit SSL encryption.
Maintain a Vulnerability Management Program
PCI Requirement: Use and regularly update anti-virus software.
CCQ Policy: All servers maintained by CCQand have anti-ivirus software installed and definitions are updated regularly and audit logs are checked periodically.
Implement Strong Access Control Measures
PCI Requirement: Restrict access to cardholder data by business need-to-know
CCQ Policy: CCQ ensures that only employees that require access to cardholder data are granted access. CCQ performs full background screenings on all employees prior to hiring.
PCI Requirement: Assign a unique ID to each person with computer access.
CCQ Policy: Each user is assigned a unique user ID/password combination.
PCI Requirement: Restrict physical access to cardholder data.
CCQ Policy: Servers that hold all cardholder data are located in a secure facility. Only basic cardholder info is stored on our servers. No magnetic stripe data, PIN information or AV2/CVC2/CVV2/CID information is stored on CCQ-FM servers.
Regularly Monitor and Test Networks
PCI Requirement: Track and monitor all access to network resources and cardholder data.
CCQ Policy: All attempts to access network resources and cardholder data are logged and immediately altered to senior management at CCQ.
PCI Requirement: Regularly test security systems and processes.
CCQ Policy: CCQ undergoes extensive third party security tests against our systems and processes.
Maintain an Information Security Policy
PCI Requirement: Maintain a policy that addresses information security
CCQ Policy: A copy of CCQ's information security policy including external test results are available upon request.