A risk evaluation needs to be applied to identify vulnerabilities and threats, use policies for essential systems needs to be designed and all personnel security tasks must be described A 2012 circumstance involving Utah restaurateurs Stephen and Cissy McComb brought several of the murky world of PCI DSS fines in https://www.financezeus.com/nathan-labs-expands-cyber-security-services-in-saudi-arabia