PCI Compliance involves much more than the software your company uses. It also involves the practices and procedures of your company.
Below are a few of the ways that Fishbowl secures data.
- The Fishbowl database does not store credit card numbers or security codes. Instead, Fishbowl utilizes secure wallets.
- The LDAP tab of the Company module options allows integration with an LDAP server. This increases password security by allowing users to log into Fishbowl with their domain password.
- Fishbowl utilizes access rights to control which users have access to each part of the software.
Below is a list of the level 4 compliance requirements for your reference. PCI compliance is not a federal law, and as such, state and local laws may dictate requirements in addition to PCI compliance standards. In all cases, Fishbowl must be used in the appropriate way to maintain compliance with such laws. Remember that Fishbowl is simply a business tool that must be used in harmony with laws and correct processes.
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open, public networks.
- Use and regularly update anti-virus software.
- Develop and maintain secure systems and applications.
- Restrict access to cardholder data by business need to know.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
- Maintain a policy that addresses information security.
Data pulled from the PCI Compliance website.