A risk assessment needs to be implemented to determine vulnerabilities and threats, utilization policies for critical systems should be produced and all staff security obligations need to be outlined A 2012 situation involving Utah restaurateurs Stephen and Cissy McComb brought some of the murky entire world of PCI DSS fines https://www.digiobserver.com/nathan-labs-expands-cyber-security-services-in-saudi-arabia