Terms and Conditions

                                                         Information Security Policy
For JL PARTNERS LLC
Version: 1.0
Effective Date: April 5, 2025

The purpose of this policy is to establish and maintain the security of payment card data and other sensitive information handled by JL PARTNERS LLC  in compliance with the Payment Card Industry Data Security Standard (PCI DSS).

This policy applies to all employees, contractors, consultants, temporary staff, and other workers at  JL PARTNERS LLC  including all personnel who develop, maintain, or support software or solutions that may interact with payment card data.

• Cardholder data must never be stored unless absolutely required and must follow PCI DSS storage rules.
   
• Sensitive authentication data (e.g., full track data, CVV/CVC, PINs) must never be stored post-authorization.
   
• All data in transit must be encrypted using strong encryption (e.g., TLS 1.2 or higher).
   

• Access to systems that store, process, or transmit cardholder data must be restricted to authorized personnel only.
   
• Access must be granted based on the principle of least privilege.
   
• All access must be logged and regularly reviewed.
   

• All software development must follow secure coding practices and be based on recognized frameworks (e.g., OWASP Top 10).
   
• Developers must receive regular security training.
   
• All applications must be tested for security vulnerabilities before deployment (e.g., code review, penetration testing).
   

• A firewall must be implemented between internet-facing systems and internal networks.
   
• Network segmentation is recommended to isolate cardholder data environments (CDE).
   
• Anti-malware solutions must be in place and regularly updated.
   

• A documented incident response plan must be maintained and tested annually.
   
• All employees must be aware of how to report suspected security incidents.
   

• Third-party service providers with access to cardholder data must be PCI DSS compliant.
   
• Due diligence and regular assessments of vendors must be conducted.
   

• This policy must be reviewed at least annually and after any significant changes to business or technology that may impact PCI DSS compliance.
   

• CIO/CISO/Security Officer: Owns and maintains the Information Security Policy.
   
• Developers: Must adhere to secure coding and data protection requirements.
   
• IT & Security Teams: Enforce access control, encryption, and monitor compliance.
   

All personnel must read and acknowledge this policy. Records of acknowledgment must be kept.