Arts Management Systems' data and Customer's data is to be considered sensitive at all times and treated with the utmost care. This is especially true when it comes to data relating to PCI compliance and credit card information. There is also, in general terms, no need to have customer data transferred to our custody, especially with sensitive data in it.
It is Arts Management Systems policy that Employees:
Standard practice requires removal of all card data before a database transfer is to occur (if a database needs to be transferred to AMS in the first place) |
-T fCreditCardsEncrypted parameters with pg_dump to ensure no such data is transmitted.
eg:the default parameters in the support script exclude any encrypted card data. other files can be added if they are large (other candidates are transactions, web logs and/or eblasts)
pg_dump -F c -v -T fCreditCardsEncrypted datbase > /path/to/backup.backup
There are NO permitted exceptions that allow credit card data to be transferred out of the customer network at any time. The BackupTM_SUPPORT script must be used to create a backup that excludes encrypted card data before sending via secure https. |