Information Security Policy

Policy Statement

We are committed to safeguarding customer information and combating fraud. We operate with a mission to provide the most secure and reliable payment solutions for you.

To accomplish this, we dedicate significant resources toward a strong infrastructure, and adheres to both strict internal security policies and industry security initiatives.

Review and Update of the Policy Statement

The Policy Statement and associated company Policies are reviewed at least annually by Tech Harbor’s PCI Review Team to ensure:

PCI compliance Logo

Certificate
The last update of this policy was: April 20, 2012

TABLE OF CONTENTS

Purpose & Scope

Purpose

This document details the security strategy for Tech Harbor in relation to the storage, processing and transmission of credit card data. Its aim is to provide a detailed understanding of Information Security responsibilities for all levels of staff, contractors, partners and third parties that access Tech Harbor’s credit card processing network.

As part of Tech Harbor’s Payment Card Industry (PCI) Compliance program, consideration has been made to Credit Card Processing operations. Guidelines and controls form an essential part of the company’s compliance status against the PCI Data Security Standard.


Scope

This document should be reviewed by parties involved with Tech Harbor’s credit card processing operations. Specifically:

This document should also be used for reference purposes when Tech Harbor undertakes its annual PCI compliance review.  The policy framework maps directly to the PCI DSS.

Annual Policy Review

All Information Security Policies are reviewed on a regular (at least annual) basis.

The review process ensures that:

PCI DSS Requirements Overview

Here are the requirements for all levels of PCI compliance.  Loganville Linux is currently certified to Self Assessment Questionaire A v2.0

Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data. 
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
Requirement 3: Protect stored cardholder
Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software or programs
Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need to know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes.

Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security for all personnel.
 

Eligibility to Complete SAQ A

Required Policies for Self-Assessment Questionaire A

Requirement 9 Restrict physical access to cardholder data

All documents containing any element of cardholder data or customer bank account information will be maintained in a locked, secured fashion with limited access.

Requirement 12 Maintain an Information Security Policy

This policy is established to address information security needs for Loganville Linux.

It is the policy of Loganville Linux to only shares cardholder data with service providers who are PCI Compliant

Our current provider is Authorize.Net which PCI compliant (verify)

All service providers are reviewed on an annual basis

It is approved by the Chief Executive Office of Tech Harbor, Inc, Michael Pierce