Updated on 2023-03-09 GMT+08:00

Security Compliance Pack Description

Security Governance provides security compliance packs. You can select the required security compliance pack by following the guide provided therein.

Security Standard

Security Governance provides the compliance packs listed in Table 1 to help you comply with various privacy protection laws. Refer to the guidelines for each pack and subscribe to the compliance packs you need.

Table 1 Security standards compliance packs

Pack: PCI DSS
Description: This compliance pack provides check items and guidelines to help you evaluate your data security management. It also suggests improvements based on the internationally recognized Payment Card Industry Data Security Standard (PCI DSS) Version 3.2.1 May 2018 to help you comply with the terms.
Applicable Region: Global
Category: Industry standards
Domain: Data security
Guidelines:

  1. Applicable to entities that handle payment cards. These entities include merchants, processing organizations, receipt organizations, card issuing organizations, and service providers.
  2. Applicable to entities that store, process, or transmit cardholder data, such as the primary account number (PAN, usually a bank card number), cardholder name, card validity period, and business code, or sensitive verification data, such as full track data, credit card security code, and PIN.
  3. Applicable to entities that need to detect data security risks and obtain risk control measures.

Subscribe to this pack if your entity meets any of the preceding descriptions.

Pack: ISO/IEC 27001:2013
Description: This compliance pack provides check items and guidelines to help you evaluate your data security management. It also suggests improvements based on ISO 27001:2013 – Information Security Management Systems to help you comply with the terms.
Applicable Region: Global
Category: International standards
Domain: Information security
Guidelines:

ISO 27001 is a globally recognized standard for information security. It adopts a process-based approach for establishing, implementing, operating, monitoring, maintaining, and improving your information security management system.

Subscribe to this pack to identify and manage the security risks of information you hold.

Pack: ISO/IEC 27701:2019
Description: This compliance pack provides check items and guidelines to help you evaluate your data security management. It also suggests improvements based on ISO 27701:2019 – Privacy Information Management Systems to help you comply with the terms.
Applicable Region: Global
Category: International standards
Domain: Privacy protection
Guidelines:

  1. Applicable to entities that are responsible for Personally Identifiable Information (PII), because the standard sets privacy requirements on how to collect, use, transmit, store, and delete data. PII (also referred to as "personal data" in this pack) includes name, phone number, email address, and ID card information.
  2. Applicable to entities that work as PII controllers (also referred to as "data controllers" in this pack) and/or PII processors (also referred to as "data processors"). PII controllers are privacy stakeholders who determine the purposes and methods of PII processing, while PII processors are privacy stakeholders who process the data based on these purposes and methods.
  3. Applicable to entities that need to detect privacy protection risks and obtain risk control measures.

Subscribe to this pack if your entity meets any of the preceding descriptions.