
E8-IBP-PCI Data Security Standard (PCI DSS)

The policy is designed to detect and manage sensitive information, specifically credit card numbers, across various organisational platforms.


🧾 Policy Overview

  • 🧭 Name: E8-IBP-PCI Data Security Standard (PCI DSS)

  • 🔐 Type: Data Loss Prevention (DLP) Simulation Policy

  • 📍 Scope: Exchange, SharePoint, OneDrive for Business, Teams, On-Premises Scanner

  • 🧪 Mode: TestWithoutNotifications (Audit)

  • 📦 Target Locations: All Exchange, OneDrive, SharePoint, Teams, On-Premises Scanner

  • 🔑 Minimum Licensing Requirement: Microsoft 365 Business Premium


🧠 Detection Logic

This policy detects the presence of credit card numbers in content shared outside the organization, in alignment with PCI DSS requirements.

Detection thresholds:

  • High volume rule: ≥10 instances

  • Low volume rule: 1–9 instances

  • Detection is scoped to AccessScope: NotInOrganization to flag external exposure.
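The tiering above can be checked against sample content before relying on the audit results. The following Python is an added example, not the policy's or the vendor's own code: the pattern, the Luhn check, the once-per-distinct-number counting, and all function names are assumptions standing in for the real credit card classifier, and the sample values are constructed.

```python
import re
from typing import Optional

# Assumption: a simplified stand-in for the credit card classifier, not the
# service's own logic: 13-19 digits, optional space/hyphen separators, and a
# passing Luhn checksum. Distinct numbers are counted once each.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits: str) -> bool:
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def count_card_numbers(text: str) -> int:
    found = set()
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found.add(digits)
    return len(found)

def matching_rule(text: str, access_scope: str) -> Optional[str]:
    """Return the rule tier the content would fall under, or None."""
    if access_scope != "NotInOrganization":   # only external sharing is in scope
        return None
    n = count_card_numbers(text)
    if n >= 10:
        return "high volume"
    if n >= 1:
        return "low volume"
    return None

def make_test_number(i: int) -> str:
    """Constructed 16-digit test value with a valid Luhn check digit."""
    body = f"400000000000{i:03d}"
    return next(body + c for c in "0123456789" if luhn_ok(body + c))

if __name__ == "__main__":
    low = "Refund for 4111 1111 1111 1111, order ref 1234567890123456"
    high = "\n".join(make_test_number(i) for i in range(10))
    for label, text in (("low sample", low), ("high sample", high)):
        for scope in ("NotInOrganization", "InOrganization"):
            print(label, scope, matching_rule(text, scope))
```

The order reference in the low sample has 16 digits but fails the checksum, so it does not raise the instance count.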


📣 Notifications & Alerts

  • 🔔 Alerts generated for Site Admin

  • 📧 Notifications sent to Site Admin, Last Modifier, and Owner

  • 📎 Email attachments included in notifications

  • 🚫 No quarantine or access blocking (simulation mode only)
