PCI-DSS assessment is applicable to organizations that deal with credit, debit, and cash card transactions. It is intended to protect the cardholders so that their personal information cannot be misused. It defines strict parameters for the organizations so that the cardholders’ information can be protected. The compliance is performed once per year by a qualified security assessor, who is provided by the PCI Security Standards Council or internally for small data amount cases. PCI DSS goes through the following four phases:
- Pre-engagement
- Engagement: Penetration testing
- Post-engagement
- Reporting and documentation
GDPR stands for General Data Protection Regulation. It's the core of Europe's digital privacy legislation.
Contracts are mutual agreements that are enforceable by law and require an authorized representative from each party to sign the contract.
Managed services are often marked by detailed service level agreements (SLAs), which typically include provisions for:
- Performance;
- Security;
- Efficiency;
- Accountability;
- response times;
- Relevant upgrades.
A confidentiality agreement is a legally binding contract between two or more parties, often an employer and employee, in which at least one of the parties agrees not to disclose certain information. These are also known as an NDA or non-disclosure agreement.
A statement of work (SOW) is a document routinely employed in the field of project management. It is the narrative description of a project's work requirement.
The SOW details the following information:
- Purpose: Reason of the project.
- Scope of work: Work activities.
- Location of Work: Where the work will be performed.
- Period of performance: Timeline of project.
- Deliverable schedule Project artifacts and due dates.
- Applicable industry standards: Relevant criteria that must be followed.
- Acceptance criteria: Conditions that must be satisfied.
- Special requirements: Travel, workforce requirements (certifications, education).
- Payment schedule: Negotiated schedule of payment (possibly derived from MSA).
A non-disclosure agreement is signed between both parties, where each of the parties is defined clearly. It mandates that the confidential information must not be shared with a third-party.
- Definition of Confidential Information
- Purpose of the NDA
- No Disclosure clause mentioning that the recipient should protect the information as they protect their own
- Duration of the agreement
- Severability
- Exclusions from the confidential information
The intent of an NDA is simple - the owner of the information needs a written surety from the recipient that the information will not be shared with an unauthorized party.
An MSA is used typically when two parties intend to work for a long time or over multiple projects. In such a scenario, an MSA is created that broadly lists the work to be done over a period of time. The total cost of the work is defined. It is created before a Statement of Work (SOW) is created.
- Payment terms: Negotiated schedule of payment.
- Product warranties: Assurance that a product meets certain.
- Intellectual property ownership: Copyrights, patents and trademarks.
- Dispute resolution: Defines a process for resolving differences.
- Allocation of risk: Provision that defines levels of responsible in certain circumstances.
- Indemnification: