Customer has an annual assessment of their network, systems and processes to verify controls are in place and operational, and...

Customer has developed and enforces and acceptable use policy that applies to all employees and covers important security requirements, procedures...

Customer utilizes a third-party email phish platform to test employee awareness and provide training regarding email phishing attempts.  PCI DSS...

Customer provides at least bi-annual training and communication of system security, policies, and processes. PCI DSS 9.9.3, PCI DSS 12.6.1,...

Customer utilizes multiple levels of data backup which include at least one on-site backup system that is physically secured, and...

Employees are not allowed to install software or updates on network connected devices.  NIST 3.4.9