The source of all knowledge https://techdocs.amber.cx/ 2026-05-06T15:31:45+00:00 https://techdocs.amber.cx/ https://techdocs.amber.cx/_media/wiki/dokuwiki.svg text/html 2016-11-06T17:25:57+00:00 Anonymous (anonymous@undisclosed.example.com) https://techdocs.amber.cx/policies/acceptable_use?rev=1478453157&do=diff Acceptable Use Policy 1. Overview Gemporia’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to Gemporia’s established culture of openness, trust and integrity. Infosec is committed to protecting Gemporia's employees, partners and the company from illegal or damaging actions by individuals, either knowingly or unknowingly. text/html 2016-11-06T18:33:32+00:00 Anonymous (anonymous@undisclosed.example.com) https://techdocs.amber.cx/policies/business_continuity?rev=1478457212&do=diff Business Continuity Plan Overview The purpose of this document is to establish documented procedures for responding to a business disruption. The Business Continuity Plan will provide support and guidance in management and communication of a disruption along with guidance for escalation of significant events ensuring continuity of business critical processes. text/html 2016-11-03T14:39:11+00:00 Anonymous (anonymous@undisclosed.example.com) https://techdocs.amber.cx/policies/configuration_standards?rev=1478183951&do=diff Configuration Standards Overview The below standards cover all major hardware and software to be installed in the CDE. The main goal of this document is to: * Restrict physical access * Minimise the attack vector for attackers from the systems text/html 2016-11-01T14:16:19+00:00 Anonymous (anonymous@undisclosed.example.com) https://techdocs.amber.cx/policies/employee_handbook?rev=1478009779&do=diff Employee Handbook Overview This handbook is intended to outline and explain the practices and policies of The Genuine Gemstone Company Ltd (hereafter referred to as ‘The Company’, 'we’, ‘us' or 'our'). This employee handbook should be regarded as a set of guidelines only. For employees, it forms part of the employment contract, except where specified. We reserve the right to review, revise, amend or replace the content of this handbook and introduce new policies from time to time to reflect… text/html 2016-06-30T10:19:29+00:00 Anonymous (anonymous@undisclosed.example.com) https://techdocs.amber.cx/policies/employee_termination?rev=1467281969&do=diff Employee termination Overview This document covers actions which must be taken when an employee ends their employment with this company. Timing The optimum time to complete these tasks will depend on the nature of the termination of the employment. If the termination is amicable then the day of employment end is acceptable. If, however, the termination is more hostile (on either side) then care must be taken to remove all access as early as law, decency and practicality will allow. text/html 2017-06-26T14:03:42+00:00 Anonymous (anonymous@undisclosed.example.com) https://techdocs.amber.cx/policies/escalation_matrix?rev=1498485822&do=diff Escalation matrix Overview The purpose of this document is to facilitate the correct escalation process for issues which may arise Document [Escalation Matrix PDF] [Escalation Matrix VSD] Revision History Date Description Who12/10/2014 Original Document text/html 2019-01-16T10:13:29+00:00 Anonymous (anonymous@undisclosed.example.com) https://techdocs.amber.cx/policies/firewall?rev=1547633609&do=diff Firewall Policy 1.Introduction Gemporia recognises that payment card information is a valuable asset. Managing security systems and the information they contain is vital to maintain Gemporia’s reputation and the ability to continue trading successfully. text/html 2019-01-14T19:31:37+00:00 Anonymous (anonymous@undisclosed.example.com) https://techdocs.amber.cx/policies/incident_response_procedure?rev=1547494297&do=diff Incident Response Procedure Overview An incident may be anything which affects or has the potential to affect the proper processing of data in accordance with Gemporia’s business objectives and policies. It may be the result of a deliberate attack or may be accidental in its origin. The scale of incidents may vary greatly from minor inconvenience to threatening the organisation’s future and there needs to be a corresponding range of possible responses. Many of Gemporia’s PCI DSS policies are … text/html 2019-01-14T19:31:19+00:00 Anonymous (anonymous@undisclosed.example.com) https://techdocs.amber.cx/policies/incident_response?rev=1547494279&do=diff PCI DSS - Incident Response Policy 1.Overview An incident may be anything which affects or has the potential to affect the proper processing of data in accordance with Gemporia’s business objectives and policies. It may be the result of a deliberate attack or may be accidental in its origin. The scale of incidents may vary greatly from minor inconvenience to threatening the organisation’s future and there needs to be a corresponding range of possible responses. text/html 2018-10-16T10:21:45+00:00 Anonymous (anonymous@undisclosed.example.com) https://techdocs.amber.cx/policies/information_security?rev=1539685305&do=diff Information Security Policy 1.Introduction Gemporia recognises that payment card information is a valuable asset. Managing supporting systems and the information they contain is vital to maintain Gemporia’s reputation and the ability to continue trading successfully. text/html 2016-11-03T16:36:04+00:00 Anonymous (anonymous@undisclosed.example.com) https://techdocs.amber.cx/policies/insecure_protocol_justification?rev=1478190964&do=diff Insecure Protocol Justification and Mitigation This document has been superseded by SSL / Early TLS migration plan Revision History Date Description Who12/08/2015Original DocumentAndrew Smith01/11/2016Updated date to new target date Andrew Smith03/11/2016Migrated to new document text/html 2019-01-16T10:12:49+00:00 Anonymous (anonymous@undisclosed.example.com) https://techdocs.amber.cx/policies/networkdevices?rev=1547633569&do=diff Network Devices Introduction Gemporia recognises that payment card information is a valuable asset. Managing security systems and the information they contain is vital to maintain Gemporia’s reputation and the ability to continue trading successfully. text/html 2016-11-07T12:31:29+00:00 Anonymous (anonymous@undisclosed.example.com) https://techdocs.amber.cx/policies/new_cde_component?rev=1478521889&do=diff New CDE Component 1.Introduction Gemporia recognises that payment card information is a valuable asset. Managing security systems and the information they contain is vital to maintain Gemporia’s reputation and the ability to continue trading successfully. text/html 2016-11-03T17:37:21+00:00 Anonymous (anonymous@undisclosed.example.com) https://techdocs.amber.cx/policies/password_construction_guidelines?rev=1478194641&do=diff Password Construction Guidelines Overview Passwords are a critical component of information security. Passwords serve to protect user accounts; however, a poorly constructed password may result in the compromise of individual systems, data, or the network. This guideline provides best practices for creating secure passwords. text/html 2016-11-04T10:05:09+00:00 Anonymous (anonymous@undisclosed.example.com) https://techdocs.amber.cx/policies/password_policy?rev=1478253909&do=diff Password Policy 1.Overview Passwords are an important aspect of computer security. A poorly chosen password may result in unauthorized access and/or exploitation of Gemporia's resources. All users, including contractors and vendors with access to Gemporia systems, are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords. text/html 2017-06-26T13:59:19+00:00 Anonymous (anonymous@undisclosed.example.com) https://techdocs.amber.cx/policies/pci_dss_policy?rev=1498485559&do=diff PCI DSS Policy 1.Overview This policy sets out the requirements which are necessary to protect the security of all payment card details that are received and processed by Gemporia which are governed by the Payment Card Industry – Data Security Standard (PCI DSS). Compliance with PCI DSS is mandatory for any company or organisation which stores, processes or transmits payment card data. Failure to comply with these requirements could result in data breaches leading to Gemporia being fined by th… text/html 2016-11-03T14:42:02+00:00 Anonymous (anonymous@undisclosed.example.com) https://techdocs.amber.cx/policies/servers?rev=1478184122&do=diff Server Policy Introduction Gemporia recognises that payment card information is a valuable asset. Managing security systems and the information they contain is vital to maintain Gemporia’s reputation and the ability to continue trading successfully. text/html 2019-01-14T18:31:42+00:00 Anonymous (anonymous@undisclosed.example.com) https://techdocs.amber.cx/policies/ssl_migration_plan?rev=1547490702&do=diff SSL / Early TLS migration plan The below document is now defunct. All TLS 1.0 must be disabled now. Overview Risk Mitigation and Migration Plan for Payment Card Industry Data Security Standard (PCI DSS) 3.1 Requirements PCI SSC has released version 3.1 of the PCI DSS requirements. A key part of these new requirements mandates that SSL (Secure Socket Layers) and early versions of TLS (Transport Layer Security) no longer be used for web servers. text/html 2016-02-16T15:13:36+00:00 Anonymous (anonymous@undisclosed.example.com) https://techdocs.amber.cx/policies/start?rev=1455635616&do=diff Policies This section contains all TGGC policies and should be read by all users Index policies index text/html 2017-08-04T07:21:08+00:00 Anonymous (anonymous@undisclosed.example.com) https://techdocs.amber.cx/policies/wireless_policy?rev=1501831268&do=diff PCI DSS – Wireless Hardware Policy 1.Overview This policy covers wireless hardware used within the CDE, either authorised or unathorised 2.Responsibility for Maintenance The Gemporia IT Director is responsible for ensuring that this document is kept current for the purposes of compliance with the Payment Card Industry Data Security Standards (PCI DSS) initiatives. The document must be reviewed and updated at least annually with the updated version rolled out to all concerned personnel.