PCI Compliance Policy
Effective Date: 12/19/24
Last Reviewed: 2/22/25
1. Purpose
Here We Grow is committed to protecting the financial information of donors, partners, and stakeholders. This Payment Card Industry Data Security Standard (PCI DSS) Compliance Policy outlines the measures taken to ensure the secure processing, storage, and transmission of cardholder data.
2. Scope
This policy applies to all employees, volunteers, contractors, and third-party service providers who handle, process, or have access to payment card data. It encompasses all systems, networks, and processes that store, process, or transmit cardholder information.
3. PCI DSS Compliance Requirements
Here We Grow adheres to the following PCI DSS requirements.
All donations are processed by a third-party payment system, Neon Pay (https://neonone.com/), which maintains full PCI DSS compliance. Neon One, as the payment processor, is responsible for meeting the compliance standards listed below; Here We Grow's obligations toward the vendor are described in Section 6.
3.1 Build and Maintain a Secure Network
- Implement and maintain firewall configurations to protect cardholder data.
- Avoid using vendor-supplied default passwords and security parameters.
3.2 Protect Cardholder Data
- Encrypt stored cardholder data to prevent unauthorized access.
- Securely transmit cardholder data using strong cryptographic protocols.
3.3 Maintain a Vulnerability Management Program
- Keep anti-malware software current and apply security patches promptly.
- Develop and maintain secure systems and applications.
3.4 Implement Strong Access Control Measures
- Restrict access to cardholder data on a need-to-know basis.
- Assign unique IDs to individuals with access to cardholder data.
- Implement multi-factor authentication for accessing sensitive systems.
3.5 Regularly Monitor and Test Networks
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes, including penetration testing and vulnerability scanning.
3.6 Maintain an Information Security Policy
- Establish, publish, and maintain an information security policy for all personnel.
- Provide PCI compliance training for all relevant staff.
- Conduct regular risk assessments and security awareness programs.
4. Data Handling and Retention
- Here We Grow does not store cardholder data; card processing is handled by Neon Pay. If the primary account number (PAN) or expiration date must ever be retained, it is kept only where absolutely necessary and rendered unreadable in accordance with PCI DSS. Sensitive authentication data (CVV/CVC, full track data, PINs) is never stored after authorization, as PCI DSS prohibits it.
- Data retention policies ensure that sensitive information is retained only for the necessary duration and is securely disposed of when no longer needed.
- All physical and electronic media containing cardholder data must be securely destroyed or rendered unreadable when no longer required.
5. Incident Response Plan
In the event of a suspected data breach, we:
- Immediately report the incident to Shawn Hendrix (shawn@thegrowsquad.org).
- Secure all affected systems and isolate them from the network, preserving logs and evidence for investigation.
- Notify affected parties as required, including the payment processor, card brands and issuers, and regulatory bodies.
- Conduct a forensic investigation and document findings.
- Implement corrective measures to prevent future breaches.
6. Third-Party Vendors
- Vendors handling payment processing, such as Neon One (https://neonone.com/), must comply with PCI DSS requirements.
- Written agreements must confirm vendor compliance (for example, a current Attestation of Compliance) and outline which PCI DSS responsibilities belong to the vendor and which remain with Here We Grow.
- Regular reviews of vendor security practices, at least annually, are required to ensure continued compliance.
7. Employee Responsibilities
- Employees must complete PCI compliance training annually.
- Employees must report any suspected security violations or non-compliance.
- Failure to adhere to this policy may result in disciplinary action.
8. Policy Review and Updates
This policy will be reviewed annually or upon significant changes in payment processing practices. Updates will be communicated to all relevant personnel.
9. Contact Information
For questions regarding this policy, please contact:
Matthew Gauger
Email: matthew@thegrowsquad.org
Phone: (803) 856-2073
Here We Grow is dedicated to maintaining the highest security standards to protect donor and stakeholder data. Compliance with PCI DSS ensures trust, security, and the integrity of financial transactions within our organization.