
Policies & Procedures

Policies and procedures are required to support an organization’s compliance with TR-39 and PCI PIN security requirements. Every organization is responsible for documenting all of its key management policies and procedures and for maintaining records of all key management activities. Each organization is also responsible for ensuring that its written and implemented policies and procedures are sufficient when measured against the requirements for asymmetric and symmetric key management as outlined in TR-39 and PCI PIN guidelines.

Policies
Pol•i•cy1
\ˈpä-lə-sē\
Noun, often attributive
Plural: policies:
• Prudence or wisdom in the management of affairs
• Management or procedure based primarily on material interests
• A high-level overall plan embracing the general goals and acceptable procedures especially of a governmental body
1 Reference: Merriam-Webster online dictionary, retrieved February 4, 2014 from http://www.merriam-webster.com/dictionary/procedure
A policy is the high-level overall plan of what an organization will do to meet the compliance requirements of a control objective.
A policy is a statement, usually one to two sentences, outlining ‘what’ an organization will do to meet the requirements of a control objective.
For example, a policy statement for TR-39 4.1.1 could be:
Any environment containing cryptographic keying material will be physically, logically, and procedurally protected.
Procedures
Pro•ce•dure1
\prəˈsējər\
Noun
Plural noun: procedures:
• A series of actions conducted in a certain way or order
• An established or accepted way of doing something.
• A medical treatment or operation.
1 Reference: Merriam-Webster online dictionary, retrieved February 4, 2014 from http://www.merriam-webster.com/dictionary/procedure
A procedure is a series of actions conducted in a certain way or order as a means to meet the requirements of a specific control objective.
A procedure is a “series of actions”, i.e. the detailed step-by-step activities required and the order in which they are to be performed, as a means to complete a specific process.