JD Williams, like other Retailers, are aware of the recent run of high profile data loss incidents that have been played out in the media to full effect. These data breach incidents highlight how important it is for organisations who hold sensitive customer payment data to protect their brand by ensuring their customer’s credit card details are securely managed. Underpinning regulation in this area is PCI DSS. Requirement 12 requires that you maintain a policy that addresses information security.
When JD Williams decided automation was key to an efficient and effective system of PCI DSS policy compliance, the company searched the marketplace for a suitable solutions provider to deliver their Information Security policies. According to Geoffrey Lloyd, Computer and Services Programme Co-Ordinator for JD Williams;
“We chose MetaComplaince over a couple of competitor products primarily due to MetaCompliance's impressive customer base (Travelex, Payment Shield, GB Group, Essex On Line Partnership and The Scottish Government to name a few) and the fact that the package has been purpose built as a policy management tool rather than being an adapted document management package. It was also very cost effective”.
Metacompliance Ltd. Director Robbie O’Brien further commented;
“We are delighted to have JD Williams among our retail client list. Companies who process sensitive payment data must ensure they have a robust system of policy communication that allows them to evidence user awareness and mitigate risk in the event of a data breach. MetaCompliance allows organisations to implement a Blended User Awareness Strategy that employs all communications methods available to ensure a maximum level of User Awareness can be gained and demonstrated”
Looking to the future and what JD Williams were hoping to achieve with the MetaCompliance solution, Geoffrey Lloyd further explained;
“We hope that MetaCompliance will provide us with an easy to manage delivery mechanism for our Information Security policies and other related policies as required by the PCI DSS. As the main aim is to meet the requirements of the PCI standard, we will also be using the audit trail and the reporting capabilities of MetaCompliance to prove compliance to our external auditors. In addition our HR department are interested in using MetaCompliance to deliver staff surveys and e-Learning packages.”