Information Security Policy - Meridian Speciality Packaging
Last updated May 2018
Revised due to introduction of Data Protection Act 2018 as UK enforcement of EU General Data Protection Regulation (GDPR) [Regulation (EU) 2016/679]
Meridian Speciality Packaging’s (“Meridian”) is aware of how important personal information is to its customers and is committed to delivering a highly secure and reliable service based on trust and responsible information handling practice.
Meridian does not store sensitive cardholder data and has designed a cardholder data environment to control risks to cardholder data and personal information.
Meridian is committed to maintaining compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) (“PCI-DSS”), which is a standard created to demand best practice security controls where sensitive data is collected, handled, processed or transmitted and to prevent payment card fraud.
This is focused on ensuring Meridian:
- Builds and maintains a secure network
- Protects cardholder data
- Maintains a vulnerability management program
- Implements strong security measures
- Regularly tests and monitors networks
- Maintains an information security policy
When cardholder data is processed through Meridian’s online shop, this is done through a secure connection; cardholder data management is fully outsourced to a third-party and no cardholder data is stored by Meridian.
Meridian will never collect cardholder data or sensitive information via email or other messenger systems or social media.
In order to offer the most secure methods of processing cardholder data, reputable third-party banking (including PayPal, Stripe and Elavon) handle Meridian’s credit card transactions. Secure cardholder data is securely transferred to the third party by the e-commerce website provider [from the host environment] to verify and authorise a customer’s payment card and to process the order; no cardholder data is stored in the e-commerce website hosting environment. An attestation of compliance is obtained for the e-commerce hosting environment.
Information security is the responsibility of all employees who handle or process cardholder data or sensitive information – but supervision and policy implementation in the responsibility of a Manager responsible for Meridian’s PCI-DSS compliance (“Responsible Manager”).
The Responsible Manager for Meridian is: Adam Heath, Operations Manager.
Thgis policy statement is supported by a detailed Information Security Policy (and supported by a site security policy) which is available on request.
If you have any questions or queries relating to this Information Security Policy then please contact us at:
Meridian(Speciality Packaging) Limited
Spring Lane North
Telephone: +44 (0)1684 578441 | Email: firstname.lastname@example.org