Compliance, Security & Risk Management


Risk Management

The sheet describes context, classification (priority, impact and proximity), roles, risk responses and risk management steps.

The risk responses are a combination of  Prince 2 and MSP.




The Payment Card Industry (PCI) is a council representing credit card brands like American Express, Master Card and Visa.

The council issued Data Security Standards (DSS) for all organizations that process credit cards like merchants, payment service providers, banks and suppliers that develop or host systems with credit card information. The standards describe technical and operational requirements to prevent fraud with credit cards.

Being compliant safeguards organizations for being liable for security breaches, substantial fines, reputational damages and loss of sales.

PCI DSS in a nutshell:

  • Don’t store and transmit credit card numbers unless you can do it very secure and very controlled.
  • Never store credit card pin code or verification codes