Definition

Samples Business Continuity Plan (BCP) Templates for Project Management Office (PMO)

Disaster Recovery:
Application/Critical System Recovery (Indicate high level strategies to recover critical applications or systems that are impacted by event)

Business Continuity:
- Application/Critical System Unavailable (Indicate strategies to perform essential functions to customers when key business applications and systems are not available)

1. A business transaction requires the execution of multiple operations.

2. Transaction volume and database size adds complexity and undermines efficiency.

3. To scale up a system for high performance, transactions must execute concurrently.

4. Each transaction should either return an acknowledgment that it executed or return a negative acknowledgment that it did not execute.

5. The system should be incrementally scalable.

- Have you planned for several releases of the software before the full, final capabilities are present?
- Does the first release contain the germ of the program, the seed from which the rest of the program will be developed?
- Will the first release be made as early as possible to get the ball rolling?
- Is the first release usable, at least at some minimal level?
- Have you defined what each evolutionary stage will deliver as best as you can in the hazy dawn of the project?
- Does each release add significant capabilities?

1. Cardholder: The legal owner of the credit card.

2. Cardholder Data: At a minimum includes the primary account number (PAN), but also may include the cardholder name, service code, or expiration data when stored in conjunction with the account number.

3. Storage of Cardholder Data: Any retention of cardholder data on digital or analog media. Not limited to digital information. Often excludes temporary retention for troubleshooting or customer service purposes.

4. Processing of Cardholder Data: Any manipulation of cardholder data by a computing resource or on physical premises. Not limited to digital information.

5. Transmission of Cardholder Data: Any transfer of cardholder data through a part of the computer network or physical premises. Not limited to digital information.

The PA-DSS is for software developers and integrators of payment applications that store, process or transmit cardholder data as part of authorization or settlement when these applications are sold, distributed or licensed to third parties. Most card brands encourage merchants and third party agents to use payment applications that are validated independently by a PA-QSA company and accepted for listing by the PCI SSC.