Compliancy
PCI – CREDIT CARD SECURITY REQUIREMENTS
These 12 critical components must be in place to meet PCI/DSS requirements for protecting credit card holder data.
- Install and maintain a commercial grade firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Use and regularly update anti-virus software or programs
- Develop and maintain secure systems and applications
- Restrict access to cardholder data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security for all personnel
CANNABIS COMPLIANCY
- ID Verification
Verify that customers are of legal age and that their ID has not expired to ensure all purchases are made legally.
Further security enhancements include checking the validity of an ID using Mariner’s exclusive software integration to the leading ID reader from Gemalto. Get peace of mind knowing you have put the proper safeguards in place to protect your business.
- Purchase and Time Limits
By tracking and enforcing state/province purchase limits, cannabis operators can ensure their budtenders are not breaking any laws, including looping.
With a single-database setup, CannaPoint’s software prevents customers from over-purchasing by confining their sales to the state limit, no matter which of your company’s locations they purchased product at.
CannaPoint also automatically converts purchase limits based on flower, concentrates or edibles, letting your employees know exactly what can be sold.
- State and Province Reporting Integration
CannaPoint seamlessly connects your data in real time to your state or province’s traceability system. Automating the reporting process means less labor, and less labor means fewer mistakes.
- Inventory Management
NCR’s Inventory Engine makes it easy to monitor all products from propagation to manufacturing to processing to retail. A centralized database ensures that inventory counts are accurately maintained whether you are a small mom-and-pop store or a large multi-unit operator.
PERSONAL DATA PROTECTION COMPLIANCY
All of Mariner’s POS solutions meet or exceed compliancy requirements related to the following:
GDPR
The General Data Protection Regulation (EU) (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA).
It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR’s primary goal is to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
The regulation contains provisions and requirements related to the processing of personal data of individuals who are located in the EEA. It applies to any enterprise that is processing the personal information of individuals inside the EEA, regardless of the enterprise's location and the data subjects’ citizenship or residence.
HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.
CCPA 2018
The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them. This law secures new privacy rights for California consumers, including:
- The right to know about the personal information a business collects about them and how it is used and shared
- The right to delete personal information collected from them (with some exceptions)
- The right to opt-out of the sale of their personal information
- The right to non-discrimination for exercising their CCPA rights
Businesses are required to give consumers certain notices explaining their privacy practices. The CCPA applies to many businesses, including data brokers.
SOX Compliance (Sarbanes-Oxley Act)
SOX compliance refers to the annual audit in which a public company is obligated to provide proof of accurate, data-secured financial reporting.
SOX requires an Internal Control Report that states management is responsible for an adequate internal control structure for their financial records. SOX requires formal data security policies, communication of data security policies, and consistent enforcement of data security policies.