Payment Card Industry (PCI) Qualified Integrators and Resellers


Payment Card Industry (PCI) Qualified Integrators and Resellers Program Guide, Version 3.0, September 2015

Document Changes

Date, Version, Description:
August: Initial release of the PCI Qualified Integrators and Resellers (QIR) Program Guide
October: Minor edits to align with PCI DSS and PA-DSS v3.0
N/A, 2.0: Version number not used
September: Minor edits to simplify program, e.g., allowing sole proprietors to join the program by removing the requirement to have two trained employees on staff at all times

QIR Program Guide, v 3.0 September PCI Security Standards Council, LLC Page i

Table of Contents

Document Changes
1 Introduction
  1.1 QIR Program Background
  1.2 Related Publications
  1.3 Terminology
  1.4 QIR Program Roles and Responsibilities
2 Program Overview
  2.1 Fees
  2.2 QIR Qualification Process
  2.3 QIR Required Requalification Processes
3 Pre-Implementation Activities
  3.1 Preparation
4 Qualified Installation Process Overview
  4.1 Implementation Execution
5 Post-Implementation Activities
  5.1 Implementation Reporting
  5.2 Ongoing Support
  5.3 Engagement Termination
6 QIR Quality Management
  6.1 QIR Company Responsibilities
  6.2 PCI SSC's Role in Quality Management
  6.3 QIR Company Status
Appendix A: Acceptable Forms of Documented Evidence

1 Introduction

This document provides an overview of the PCI SSC Qualified Integrators and Resellers Program ("QIR Program") operated and managed by PCI Security Standards Council, LLC ("PCI SSC"), and should be read in conjunction with the Qualification Requirements For Qualified Integrators and Resellers (QIRs) ("QIR Qualification Requirements"), and the other documents referenced in Section 1.2 below. This document describes the following:

- QIR Program Background
- QIR Program Roles and Responsibilities
- QIR Program Overview
- Pre-Implementation Activities
- Qualified Installation Process Overview
- Post-Implementation Activities
- QIR Quality Management

1.1 QIR Program Background

PCI SSC operates the Payment Application Data Security Standards (PA-DSS) program. The program promotes the development and implementation of secure commercial payment applications that do not store prohibited data, and helps to ensure that payment applications support compliance with the PCI DSS. Organizations qualified by PCI SSC to implement, configure and/or support PA-DSS validated Payment Applications on behalf of merchants and service providers are referred to as "Qualified Integrator and Reseller Companies" or "QIR Companies." The quality, reliability and consistency of a QIR Company's work provide confidence that the application has been implemented in a manner that supports the customer's PCI DSS compliance.

1.2 Related Publications

The Payment Card Industry (PCI) Qualified Integrators and Resellers (QIR) Program Guide (or "QIR Program Guide") should be used in conjunction with the latest versions of the following other PCI SSC publications, each as available through the Website:

- QIR Qualification Requirements, which defines requirements that must be satisfied by QIR Companies in order to perform Qualified Installations
- PCI DSS, which sets the foundation for other PCI Standards and related requirements
- PA-DSS, which defines the specific technical requirements and provides related assessment procedures and templates used to validate payment applications and document the validation process
- QIR Implementation Statement, which is a template used to document the results of a Qualified Installation
- QIR Implementation Instructions, which is a guidance document used to explain how to complete the QIR Implementation Statement

1.3 Terminology

Except as otherwise specified herein, capitalized terms used but not defined in this document shall have the meanings ascribed to them in Schedule 1 to the QIR Qualification Requirements.

1.4 QIR Program Roles and Responsibilities

The QIR Program simplifies the process for identifying and engaging integrators and resellers qualified to assist merchants and industry participants in their effort to install PA-DSS validated payment applications in a manner that facilitates PCI DSS compliance. A QIR Company may be any form of legal entity and must comply with all QIR Company Requirements. Only companies that are qualified by PCI SSC and are in Good Standing (or in Remediation) as QIR Companies are permitted to perform Qualified Installations. All QIR Companies are listed on the QIR List. QIR Company responsibilities generally include (without limitation) the following:

- Ensuring installations and configurations of PA-DSS validated Payment Applications are in accordance with the applicable PA-DSS Implementation Guide in a manner which supports PCI DSS compliance.
- Providing the customer with a completed QIR Implementation Statement after installation and configuration of a PA-DSS validated application.
- Documenting any potential risks to PCI DSS compliance identified by the QIR Employee in the QIR Implementation Statement.
- Maintaining a quality assurance program that includes vetting of employees involved in Qualified Installations, personnel training and education on PCI DSS and applicable PA-DSS Implementation Guides.
- Protecting confidential and sensitive information.
- Supporting any PFI forensic investigations in which the application the QIR installed at a customer environment may be involved.
- Servicing the payment applications (for example, troubleshooting, delivering remote updates and providing remote support) if engaged to do so, according to the PA-DSS Implementation Guide and PCI DSS.

2 Program Overview

The goal of the QIR Program is to educate, qualify and train organizations involved in the implementation, configuration and/or support of a PA-DSS validated payment application on behalf of a merchant or service provider. The program focuses on two core objectives:

- Ensuring that QIR Companies install and configure PA-DSS validated payment applications into customer environments in a manner that supports PCI DSS compliance, and
- Ensuring that QIR Companies are accountable for ensuring that such installations facilitate their customers' PCI DSS compliance efforts.

2.1 Fees

Fees to participate as a QIR Company in the QIR Program are specified in the QIR Program Fee Schedule on the Website. Pricing and fees charged by QIR Companies for the services they provide to customers in connection with Qualified Installations are negotiated directly between the QIR Company and the applicable customer. Fees and pricing for Qualified Installations and related services of QIR Companies are not set by PCI SSC, and PCI SSC is not involved in any way with such fees or pricing.

2.2 QIR Qualification Process

In an effort to help ensure that each QIR Company and QIR Employee possesses the requisite knowledge, skills, experience and capacity to perform installations of PA-DSS validated applications in a proficient manner and in accordance with industry expectations, companies and individuals desiring to perform Qualified Installations must first be qualified as QIR Companies or QIR Employees (as applicable), and then must maintain that qualification in Good Standing. Please refer to the QIR Qualification Requirements to review specific information regarding qualification as a QIR Company or QIR Employee.

2.3 QIR Required Requalification Processes

In addition to all other applicable requirements, each QIR Company must perform the processes listed below in order to remain in Good Standing:

- Requalify every three years.
- Require all continuing QIR Employees to successfully complete all required QIR Program training and training examinations every three years. QIR Employees failing to satisfy this requirement must do so before leading or managing any Qualified Installation.
- Annually review and update, as applicable, the QIR Company's Quality Manual (See Section 6.1 below).
- Require all QIR Employees to annually review PA-DSS Payment Application training materials to maintain current knowledge of all major and minor software changes.
- Train employees and contractors with access to customer sites on how to access, install, maintain and support payment applications (and any connected systems) in accordance with the information provided by the application vendor in the PA-DSS Implementation Guide and other supporting materials.

3 Pre-Implementation Activities

3.1 Preparation

To help ensure that each QIR Company and QIR Employee possesses the requisite knowledge, skills, experience and capacity to perform Qualified Installations in a proficient manner, and in accordance with industry expectations, each QIR Company and each QIR Employee is required at all times to satisfy all applicable QIR Qualification Requirements. The current version of these requirements is available on the Website. Applications validated as compliant with the PA-DSS and accepted by PCI SSC are identified on the list of validated Payment Applications on the Website (the "Application List"). Only the specific versions of the Payment Applications that appear in the Application List ("Validated Application Versions") have been evaluated and determined to comply with the PA-DSS and therefore are eligible for Qualified Installations.

Preparation activities that the QIR Company must consider prior to undertaking a Qualified Installation include but are not limited to:

- Sell and install only those Validated Payment Application Versions that are identified on the Website as Acceptable for New Deployments.

  There are two types of validated Applications: Acceptable for New Deployments and Acceptable only for Pre-Existing Deployments. These are identified as two different tabs on the Website and also in the Deployment Notes for each validated application.

- Confirm before the start of a new Engagement that the application is Acceptable for New Deployments.
- Be prepared to answer any questions the customer may have, or know where to refer the customer, regarding the payment application listing information on the Website, such as:
  - The Revalidation Date is based on the acceptance of a specific application by PCI SSC. Each validated payment application must undergo an annual attestation until the Expiry Date is reached. Payment applications that have not yet expired appear on the Acceptable for New Deployments list.
  - The Expiry Date is based on the lifecycle of PA-DSS. All payment applications validated to a particular version of PA-DSS expire on the same date. When the Expiry Date is reached, if a specific payment application has not been validated against the current version of PA-DSS, it will be placed on the Acceptable only for Pre-Existing Deployments list.
  - The operating system(s) on which the PA-DSS application has been tested and any dependent hardware or software requirements are listed for each payment application on the Website. It is the responsibility of the QIR Company and applicable QIR Employee to ensure that the customer's environment meets these minimum requirements for each payment application's implementation.
- Notify the customer that PCI DSS compliance is at risk if any application they choose to install or maintain has been identified as vulnerable or does not appear on the Application List as Acceptable for New Deployments.
- Ensure that all new and existing QIR Employees and contractors who have access to customer sites, cardholder data or a customer's CDE (cardholder data environment) meet the requirements of PCI DSS.

  PCI DSS 12.7: Screen potential personnel prior to hire to minimize the risk of attacks from internal sources. (Examples of background checks include previous employment history, criminal record, credit history, and reference checks.)

- The QIR Employee should, prior to undertaking a Qualified Installation, review the latest payment application vendor instructional documentation, PA-DSS Implementation Guide and training programs for the specific version of the PA-DSS validated application.
- Provide the customer with the name of the Lead QIR who will be responsible for the Engagement, an estimate of work to be performed, expected duration of the work and notice of any potential down time.

- Direct the customer to the QIR Feedback Form on the Website where the form can be completed and submitted to PCI SSC.
- Determine the level of access that will be required to support the customer, and strictly follow secure access, installation, maintenance and support processes outlined in the application vendor's latest PA-DSS Implementation Guide.
- Ensure that QIR Employee access credentials are unique per QIR Employee and per customer.
- Develop an installation, configuration and maintenance plan from the information provided by the application vendor in the PA-DSS Implementation Guide and any other supporting materials.

4 Qualified Installation Process Overview

4.1 Implementation Execution

The PA-DSS Implementation Guide is provided by the vendor of the validated payment application and is used by the QIR Company to install, configure and maintain the payment application. Any questions about the PA-DSS Implementation Guide should be directed to the application vendor. The QIR Implementation Statement provides a checklist of tasks to be completed as part of a Qualified Installation. Some or all of these tasks will apply to any given implementation. It is the responsibility of the Lead QIR to understand how each item within the QIR Implementation Statement applies to the particular implementation. All tasks in the QIR Implementation Statement are the responsibility of the Lead QIR. Some of the tasks may be automatically performed by the payment application; other tasks will be performed by the QIR Employee. The PA-DSS Implementation Guide for the validated payment application will provide instructions on how to configure the payment application or other software. The customer may choose to perform some of these tasks rather than the QIR Company. It is important that the Lead QIR document all tasks that both the QIR Company and the customer are to perform, and that both the QIR Company and the customer understand and agree to the tasks before commencement. The QIR Implementation Statement and the PA-DSS Implementation Guide must both be used during the installation. The QIR Company must retain evidence of all configurable elements of a Qualified Installation (whether performed by the QIR Employee or customer) and must retain these work papers as part of the installation documentation. Examples of types of evidence are provided in Appendix A.

5 Post-Implementation Activities

5.1 Implementation Reporting

The QIR Implementation Statement must be produced as part of each Engagement and must be completed and delivered to the customer no later than ten (10) business days after completion of the Qualified Installation. The QIR Company must store the QIR Implementation Statement and any associated work papers in accordance with the QIR Company's current evidence retention policy and procedures and for a minimum of three (3) years from the completion of the Qualified Installation. PCI SSC reserves the right to examine these documents upon reasonable notice as part of the quality assurance process. A template for the QIR Implementation Statement is available on the Website. Supporting guidance, the QIR Implementation Instructions, is also on the Website and explains how to complete the QIR Implementation Statement. The Implementation Statement is divided into three (3) parts: Part 1: Implementation Statement Summary, Part 2: Implementation Statement Details and Part 3: QIR Employee Additional Observations. QIR Companies must follow the defined format for all Qualified Installations.

Part 1: Implementation Statement Summary

The Implementation Statement Summary is used to provide confirmation and acceptance of the Qualified Installation, along with Customer, QIR Company and Payment Application details. The following information must be included in the QIR Implementation Statement:

- Customer's company name and contact details
- Name of QIR Company
- Name and contact details of the Lead QIR, and
- PA-DSS validated Payment Application name, version number and reference number as shown on the Website

Requested Content and Explanation:

Quality Review: The QIR Company must perform a quality review of the QIR Implementation Statement to confirm accuracy and completeness.

Signatures: The signature of the Lead QIR indicates acceptance of responsibility and accountability for the completed installation. The signature of the customer is required to confirm a copy of the QIR Implementation Statement has been provided to them.

NOTE: The Lead QIR is expected to review the results of the installation with the customer to demonstrate the Payment Application has been installed and configured in a manner that supports compliance with PCI DSS, and if applicable, that potential areas of vulnerability have been identified.

Part 2: Implementation Statement Details

The second section of the QIR Implementation Statement contains a checklist of tasks that must be completed during the Qualified Installation. The checklist provides the QIR Employee with a systematic way to comprehensively document each step of the Qualified Installation. The activities conducted during the installation and configuration of the Payment Application must be recorded so that the customer understands, and has a record of, changes made to their environment. The QIR Implementation Instructions provides details for each task.

5.1.3 Part 3: QIR Employee Additional Observations

The QIR Employee Additional Observations section provides the QIR Employee a place to document any concerns or issues identified during the Qualified Installation. Any observations or details applicable to the overall installation that the Customer needs to be aware of should be recorded in this section. Also, any anomalies or issues observed that may affect the Customer's PCI DSS compliance should be recorded here. This is also where the QIR Employee will record explanations for any tasks that could not be or were not performed as part of the Qualified Installation, such as a required task that the Customer executed rather than the QIR Employee.

5.2 Ongoing Support

The QIR Company may be asked to manage the payment application after installation. This may include applying updates or patches, changing configurations, etc. Work must be conducted in accordance with the PA-DSS Implementation Guide and the QIR Implementation Statement. When debugging or troubleshooting for customers, the QIR Company must verify that any cardholder data, if necessary to resolve a problem, is collected in limited amounts, encrypted while stored and securely deleted immediately after use. The QIR Company must immediately report all vulnerabilities or potential breaches to the customer. The QIR Company must review, at least annually, updates to the applicable PA-DSS Implementation Guide and supporting documentation to remain current with all major and minor software changes, and QIR Company training materials must be updated to reflect all major and minor software changes.

Remote Access

If support is being provided remotely, the QIR Company must:

- Advise customers to turn on remote management only when necessary, monitor when in use and to turn off access immediately thereafter.
- Use remote management software only when absolutely necessary, and in a secure manner, to access customer sites for the purposes of installation, support, and maintenance.
- Use two-factor authentication with strong cryptography.

QIR Companies using remote access software must follow the PA-DSS Implementation Guide, which contains instructions on using remote access security features. The QIR Company is required to manage all remote access to customers as follows:

- Site access must be restricted and authentication credentials assigned to only those personnel who need access.
- Remote QIR Company access to customer sites must only come from specific and known IP addresses.
- Unique, complex and secure authentication credentials must be used for each customer.
- Data transmissions must always be encrypted.

5.2.2 PFI Support

If the QIR Company is asked to participate in the investigation of a breach at the customer environment where the QIR Company installed a PA-DSS validated payment application, the QIR Company may be requested to provide copies of the QIR Implementation Statement and associated documentation from the Engagement to the customer and/or to the applicable PCI SSC-qualified PCI Forensic Investigator (PFI), and must cooperate fully with the PFI in such investigation and all such requests.

5.3 Engagement Termination

When an Engagement ends, the QIR Company must perform clean-up tasks that include but are not limited to:

- Ensuring credentials are securely removed from all customer sites after any installation or maintenance tasks have been completed.
- Providing instructions for the customer to remove QIR Company user accounts and credentials, if the QIR Company no longer supports the customer.
- Providing instructions for the customer to eliminate all connectivity (for example, open firewall ports) between the QIR Company and the customer.

6 QIR Quality Management

QIR Companies are required to establish a Quality Assurance Program that, as stated in the QIR Qualification Requirements and further detailed within this Program Guide, requires QIR Companies and Employees to adhere to all quality assurance requirements set by PCI SSC. The quality approach for the QIR Program is achieved by QIR candidates fulfilling the qualification requirements detailed in the QIR Qualification Requirements, the QIR Company's and Employee's continued adherence to those requirements and responsibilities, and PCI SSC's on-going monitoring of the QIR Company and Employees.

6.1 QIR Company Responsibilities

The QIR Company is expected to manage an internal quality assurance program that meets all QIR quality assurance requirements and expectations of PCI SSC, and is documented and described in the QIR Company's Quality Manual. PCI SSC reserves the right to request and review the Quality Manual at any time. The Quality Manual must be reviewed and updated annually, and must minimally include:

- Procedures requiring all QIR Employees and contractors with access to customer sites to strictly follow secure access, installation, maintenance and support processes outlined in the application vendor's latest PA-DSS Implementation Guide
- Appropriate requirements, processes and procedures regarding reviews of performed installation procedures, supporting documentation and information documented in QIR Implementation Statements relating to installation recommendations; and thorough documentation of all installation results
- A requirement for a quality review of all QIR Implementation Statements
- A requirement that all QIR Employees must adhere to the QIR Program Guide and all QIR Employee Requirements
- A requirement for documentation of disciplinary action if an employee or contractor fails to securely access, install, maintain or support payment applications (and any connected systems) in accordance with industry data security best practices and standards
- Processes for maintaining copies of training records to confirm that all QIR Employees have received training before being assigned to a Qualified Installation

The QIR Company must notify PCI SSC anytime a QIR Employee leaves employment or moves to a non-QIR role. Furthermore, if the company does not maintain at least one QIR Employee, the QIR Company will be removed from the QIR List and become ineligible to perform new Qualified Installations until the minimum requirements are satisfied.

Feedback Process

At the start of each Qualified Installation, the QIR Company must direct the customer to the QIR Feedback Form on the Website, and request that the Company submit the completed form to PCI SSC following the installation. Any payment card brand, acquiring bank or other person or entity may submit QIR Feedback Forms to PCI SSC to provide feedback on a Qualified Installation. Additionally, a Qualified Security Assessor (QSA) Company or Employee that assesses a merchant or service provider that has had a Qualified Installation performed may submit a QIR Feedback Form regarding the QIR Company that performed that installation. The QIR Feedback Form addresses the following:

- Adequacy of QIR Implementation Statement content;
- Competence of staff assigned to Qualified Installation Engagements;
- Ability to effectively communicate the results of the Qualified Installation and any potential risks or exposures identified during the Qualified Installation.

6.2 PCI SSC's Role in Quality Management

The PCI SSC quality assurance process begins with QIR Company and QIR Employee qualification and the related training process. PCI SSC then performs monitoring activities to gain assurance that established requirements are in place and maintained as expected. This is achieved most often through review and monitoring of QIR Customer Feedback Forms, and may include audits of QIR Implementation Statements and other materials, information or work product generated or obtained during the course of Qualified Installations. PCI SSC reserves the right to conduct such activities at any time, and each QIR Company is required to cooperate in such quality assurance activities.

Note: the QIR Company may redact sensitive or confidential information that does not materially impact PCI SSC's quality assurance review.

Together, these quality checks allow PCI SSC to reasonably monitor the quality of QIR Companies and Employees. So long as PCI SSC determines in its reasonable discretion that a QIR Company continues to satisfy applicable QIR Requirements and meets prescribed quality levels for Qualified Installations, that QIR Company will remain in Good Standing as a QIR Company. Failure to satisfy applicable requirements or meet applicable quality levels may result in any or all of the actions described in Section 6.4 below.

6.3 QIR Company Status

The QIR Program recognizes several status designations for QIR Companies and QIR Employees. The status of a QIR Company or QIR Employee is initially Good Standing but may change based on quality concerns, feedback, administrative issues, or other factors. These status designations are described further below.

Note: These status designations are not necessarily progressive: Any QIR Company's or QIR Employee's status may be revoked or a QIR Company's QIR Agreement terminated for quality concerns. Accordingly, a QIR Company or QIR Employee may move directly from Good Standing to Revocation (defined below). Nonetheless, non-severe quality concerns are generally first addressed through the Remediation process (described below) in order to promote improved performance.

Good Standing

QIR Companies and QIR Employees are expected to maintain a status of Good Standing while participating in the QIR Program. Where PCI SSC detects any deterioration of quality levels over time, PCI SSC may issue warnings to QIR Companies. While a Warning should be taken seriously so that actions do not escalate to Remediation and/or Revocation, a Warning alone does not impair a QIR Company's Good Standing status.

Remediation

A QIR Company and/or Employee may be placed into Remediation for various reasons, including quality concerns or administrative issues such as failure to meet any requalification requirements, failure to submit required information, etc. QIR Companies in Remediation are listed on the Website in Red, indicating Remediation status without further explanation as to why the designation is warranted. If administrative or non-severe quality problems are detected, PCI SSC will typically recommend participation in the Remediation program. Remediation provides an opportunity for QIR Companies and/or Employees to improve performance by working closely with PCI SSC staff; and in the absence of participation, quality issues may increase. During Remediation, QIR Companies and QIR Employees may continue to perform installations, configurations and operational support.

During Remediation and generally in connection with PCI SSC's QIR Program quality assurance initiatives, PCI SSC may monitor and require QIR Companies to provide QIR Implementation Statements and any other materials, information or work product generated or obtained during the course of Qualified Installations (redacted in accordance with QIR Program policy). Such materials must be provided within three (3) weeks of PCI SSC's request. QIR Companies may also be charged fees to cover PCI SSC's costs of monitoring and Remediation. Remediation is a joint effort between the QIR Company and PCI SSC to improve the quality of the QIR Company work product. The QIR Company must submit a Remediation plan acceptable to PCI SSC, detailing how the QIR Company plans to improve the quality of its Qualified Installations and related work product. PCI SSC may audit the QIR Company's compliance with its quality assurance program and other QIR program-related requirements, at the sole cost and expense of the QIR Company.

Revocation

In the event PCI SSC determines in its sole but reasonable discretion that a QIR Company or QIR Employee meets any condition for revocation of QIR Company or QIR Employee qualification established by PCI SSC from time to time (satisfaction of any such condition, a "Violation"), including without limitation, any of the conditions described as Violations below, PCI SSC may, effective immediately upon notice to the QIR Company, revoke the QIR Company and/or QIR Employee qualification ("Revocation") and/or terminate the QIR Company's QIR Agreement. Violations include (without limitation) the following:

- Violation of any obligation regarding non-disclosure of confidential materials.
- Failure to maintain physical, electronic and procedural safeguards to protect confidential or sensitive information; and/or failure to report to PCI SSC unauthorized access to any system that stores confidential or sensitive information.
- Engagement in unprofessional or unethical business conduct, including misrepresentation of the PCI DSS or any other PCI SSC requirements or documents to sell products or services.
- Failure to provide quality services, based on customer feedback or evaluation by PCI SSC, any of its affiliates or any third party.
- Cheating on any exam in connection with QIR Program training, including without limitation submitting work that is not the work of the QIR Employee taking the exam; theft of or unauthorized access to an exam; use of an alternate, stand-in or proxy during an exam; use of any prohibited or unauthorized materials, notes or computer programs during an exam; and providing or communicating in any way any unauthorized information to another person during an exam.
- Provision of false or intentionally incomplete or misleading information to PCI SSC in any application or other materials.
- Permitting any unqualified professional to perform (or participate in the performance of) any Qualified Installation for or on behalf of the QIR Company.
- Failure to be in Good Standing.
- Failure to perform any Qualified Installation in accordance with the QIR Program Guide.
- Revelation by forensic evidence that a security or data breach of the QIR Company led to a security or data breach of any of their QIR customers.
- Failure to provide proof of Continuing Professional Education (CPE) hours for its QIR Employees.
- Failure to promptly notify PCI SSC of any Violations described above that occurred less than two (2) years before such QIR Company's or QIR Employee's qualification by PCI SSC.

Upon QIR Company Revocation and/or termination of its QIR Agreement, the QIR Company is removed from the QIR List and/or its listing may be annotated as PCI SSC deems appropriate, and must (a) immediately cease all advertising and promotion of its QIR Company qualification and/or status; (b) immediately cease soliciting for and performing all pending Engagements, Qualified Installations or other Services unless and to the extent otherwise instructed by PCI SSC; (c) if requested by PCI SSC, obtain (at the QIR Company's sole cost and expense) the services of a replacement QIR Company acceptable to PCI SSC for purposes of completing any unperformed Services for which it is engaged immediately prior to such Revocation or termination, and (d) within fifteen (15) days thereof, in a manner acceptable to PCI SSC, notify those of its Customers with which the QIR Company is then engaged to perform Services of such Revocation or termination and, if applicable, of any conditions, restrictions or requirements of such Revocation that may impact its ability to perform such Services for Customers going forward. PCI SSC may notify any third party of such Revocation or termination and the reason(s) therefor.

Revocation is subject to appeal and possible reinstatement of qualification in accordance with QIR Program policies and procedures. All appeals must be submitted to PCI SSC in writing within thirty (30) days of Revocation, addressed to the PCI SSC General Manager, and must follow all applicable procedures as specified by PCI SSC. All determinations of PCI SSC regarding Revocation and any related appeals are in PCI SSC's sole discretion, final and binding upon the QIR Company. In the event the QIR Company fails to submit a request for appeal within the allotted 30-day period, or if PCI SSC determines on appeal that termination is warranted, then effective immediately and automatically thereafter, the QIR Agreement and QIR's QIR Company qualification shall terminate.

Upon Revocation, the period of ineligibility will be a minimum of one (1) year as determined by PCI SSC in a reasonable and non-discriminatory manner (in light of the circumstances) after the date of Revocation or unsuccessful resolution of appeal, whichever is later.

Appendix A: Acceptable Forms of Documented Evidence

For a minimum of three (3) years, QIR Companies must secure and maintain documented evidence (whether in digital or hard copy format) substantiating all services, including but not limited to copies of any and all case logs, configuration and other installation results, work papers, notes and technical information created and/or obtained during each Qualified Installation. The following forms of documented evidence are acceptable for purposes of compliance with the QIR Program Guide.

- Copies of any logs or configuration files used or generated
- Copies of any application-vendor written/published documentation used
- Copies of any troubleshooting requests raised with the application vendor during or as a result of the implementation
- Any written/published application-vendor procedures used during the implementation
- Any written process documents
- Interview notes
- Change-control documentation
- Installation logs
- System-configuration files
- Written/published methodologies
- Any written/published vendor procedures
- Copies/screenshots of any of the following: displays of payment card data including but not limited to POS devices, screens, logs and receipts
- Screenshots of any configuration settings including but not limited to those settings relevant to secure authentication, logging and remote access


More information

SECTION I.4 AUDIT ENGAGEMENT WORKING PAPERS

SECTION I.4 AUDIT ENGAGEMENT WORKING PAPERS SECTION I.4 AUDIT ENGAGEMENT WORKING PAPERS Ref. Plicy and Practice Requirements IIA Standards references I.4 1 Plicy: Wrking papers shall be prepared fr each audit engagement t recrd wrk perfrmed and

More information

Data Protection Policy & Procedure

Data Protection Policy & Procedure Data Prtectin Plicy & Prcedure Page 1 Prcnnect Marketing Data Prtectin Plicy V1.2 Data prtectin plicy Cntext and verview Key details Plicy prepared by: Adam Haycck Apprved by bard / management n: 01/01/2015

More information

Change Management Process For [Project Name]

Change Management Process For [Project Name] Management Prcess Fr [Prject Name] i 1 Intrductin The is fllwed during the Executin phase f the Prject Management Life Cycle, nce the prject has been frmally defined and planned. 1.1 What is a Management

More information

How to put together a Workforce Development Fund (WDF) claim 2015/16

How to put together a Workforce Development Fund (WDF) claim 2015/16 Index Page 2 Hw t put tgether a Wrkfrce Develpment Fund (WDF) claim 2015/16 Intrductin What eligibility criteria d my establishment/s need t meet? Natinal Minimum Data Set fr Scial Care (NMDS-SC) and WDF

More information

The Town of Fort Frances

The Town of Fort Frances The Twn f Frt Frances PERFORMANCE APPRAISAL POLICY SECTION HUMAN RESOURCES REVISED August 2002 Reslutin N. Supercedes Reslutin N. Plicy Number 3.3 PAGE 1 f 9 1. PURPOSE: The purpse f supprt staff perfrmance

More information

SPECIFICATION. Hospital Report Manager Connectivity Requirements. Electronic Medical Records DRAFT. OntarioMD Inc. Date: September 30, 2010

SPECIFICATION. Hospital Report Manager Connectivity Requirements. Electronic Medical Records DRAFT. OntarioMD Inc. Date: September 30, 2010 OntariMD Inc. Electrnic Medical Recrds SPECIFICATION Hspital Reprt Manager Cnnectivity Requirements DRAFT Date: September 30, 2010 Versin: 1.0 2007-2010 OntariMD Inc. All rights reserved HRM EMR Cnnectivity

More information