A risk assessment needs to be executed to detect vulnerabilities and threats, usage policies for vital systems has to be created and all staff security duties must be described A 2012 case involving Utah restaurateurs Stephen and Cissy McComb brought some of the murky entire world of PCI DSS fines https://alertchronicle.com/nathan-labs-expands-cyber-security-services-in-saudi-arabia