Security & Retention Policy
The Document Vault is intended to securely store and display sensitive images and documents. To ensure data security as well as compliance with the PCI standard when it comes to cardholder data, strict retention policies for uploaded documents are in place. These policies control how long documents can be stored and after which time they will be deleted once the document is in status
In addition, please make sure to meet the following requirements when using the Document Vault:
- Access: Please restrict the number of users who have access to sensitive data to an absolute minimum.
- Business reason: To use the Document Vault, a clear, transparent, documented business process is required, and it needs to be reviewed and approved by the PCI Proxy team.
- Unique User Account: Every user needs their own, dedicated user account. Shared logins are not allowed.
- Multifactor authentication: Securing the user account with 2FA is mandatory.
We have also set up an internal monitoring and alerting tool which detects unusual or non-human behaviour. Once a certain threshold is reached, we may automatically block your user account.