MARRIOTT VACATIONS WORLDWIDE CONFIDENTIAL AND PROPRIETARY INFORMATION
Controls and Compliance Newsletter
News and Trends
In this issue, we remind associates that the Payment Card Industry (PCI) annual audit is occurring. Key reminders for compliance with PCI requirements are listed below; to gain a more thorough knowledge of MVWC PCI practices, follow this link to ISM-44 and the supporting job aids. Please review this with your teams and stress its importance for MVWC security. Also see the following Forbes article, which lists the consequences of failing PCI compliance.
Look What’s Headed Your Way!
Work is underway to roll out the Financially Reported Sales Automation Solution at the end of Period 4. With this solution, MVWC will increase the controls around our reporting systems and provide enhanced controls over our overall reporting environment. Look for more information on the further benefits to your F&A teams in our May Newsletter.
* Questions or concerns about this Newsletter? Please contact Mike Kiely in Controls and Compliance.
APRIL 2016 ISSUE #4
2016 Sarbanes-Oxley Act (SOX) Compliance – Timeline*
In May we start the following key tasks:
• Internal Audit begins walkthroughs with Business Areas.
• Planning session with E&Y begins for SOX.
Recently Approved Policies and/or Standards
Key Policy Updates
• Email Signature Standard
• Mobile Device Policy
The following is a link to our Policies and Standards page.
Key Reminders for Associates Regarding PCI Compliance
If an MVWC process is keeping forms that contain the full PAN (Primary Account Number) on them, the process owners need to make sure they can meet the following:
Document Retention Policy: In addition to the document redaction policy, as an alternative, if a document containing PAN is no longer needed, it can also simply be destroyed if there is no requirement to retain the document itself (see MVWP-15 or your departmental policies on document retention). If a document is not destroyed after it is no longer needed, then a written procedure and local policy should exist that formally documents the length of time the document may be kept until it is redacted or destroyed.
Physical Document Security: Physically secure the documents at all times. This includes keeping them in a locked file cabinet (or safe) in a secure area, with access to those forms limited to the people who need it.
Document Redaction Practices: After the full credit card Primary Account Number (PAN) is no longer needed, the Payment Card Industry Data Security Standard requires that the PAN be redacted from printed documents within a reasonable timeframe.