The new standard, ISSA 5173, is designed to encourage SMEs to take steps to secure their customer and employee data and raise awareness of legislation that applies to them regarding data security.
The aims of the standard are to raise awareness of the importance of information security matters to SME organizations, to provide a centralized resource of information concerning security best practice for SMEs, and to provide an alternative to the audit-driven, lengthy, and paper-intensive processes sometimes adopted in order to achieve security.
The guidance, 'Knowing Your Regulatory Environment – Payment Card Industry', is the first in the series of documents to be published by ISSA UK and provides information about PCI DSS for small merchants, as well as some practical steps small merchants should be taking achieving compliance.
“While the PCI standards are very complex, like many other regulations the business owner is required to do the legwork to get up-to-speed with what they have to do. Also like many other regulations, it is easy to comply with them as long as the business processes are designed to meet their requirements”, the guidance concluded.