Payment Card Industry Data Security Standard (PCI-DSS)
|
|
- Elwin Snow
- 7 years ago
- Views:
Transcription
1 Payment Card Industry Data Security Standard () Training Standard 16 th September 2015 University of Leeds 2015 The intellectual property contained within this publication is the property of the University of Leeds. This publication (including its text and illustrations) is protected by copyright. Any unauthorised projection, editing, copying, reselling, rental or distribution of the whole or part of this publication in whatever form (including electronic and magnetic forms) is prohibited. [Any breach of this prohibition may render you liable to both civil proceedings and criminal penalties].
2 Training Standard Document Ownership and Management Standard Authors Kevin Darley and Dave Neild ( Internal Security Assessors [ISA]) Standard Owner John Grannan, IT Head of Service Management The audience of this document should be aware that a physical copy may not be the latest version. Those to whom this Standard applies are responsible for familiarising themselves periodically with the latest version and for complying with these requirements at all times. Version Number Date Circulation Changes th September and DSSCompliance/default.aspx First formal issue, signed off by Design Authority on 25 th August 2015 For information in alternative formats (for example, in Braille or large print), please k.j.darley@leeds.ac.uk or call on telephone number Training Standard Version Page 2 of 6
3 Training Standard 1 Introduction This document is one of a number of documents 1 which support the University s Payment Card Industry Data Security Standard () Security Policy. It delivers the training criteria for those working within University s cardholder data environment (CDE) 2 and it is intended to be read in conjunction with the other applicable University Standards. This document will be reviewed annually, as a minimum, in accordance with the. Specific audits will be carried out against each requirement and evidence will be recorded to demonstrate the University s compliance status. Those to whom this Standard applies must also familiarise themselves with the requirements of the University s Security Policy ( Protection of Point of Sale Equipment 9.3 Training materials at point of sale locations shall be used by staff to verify engineering visits to PEDs and tills and replacement of components and to be aware of and report any suspicious behaviour or suspected tampering of components in accordance with the Operational Security Standard. PEDs and Tills All Point of Sales Processing Staff 2.2 Awareness 12.6 A formal awareness programme shall be deployed to ensure that all staff associated with the CDE understand the importance of cardholder data security and are aware of the University s Security Policy and Security Standards that are relevant to their role. 1 Additional Standards include; Management Standard, Finance Procedures Processing of Credit and Debit Card Payments, Systems Security Standard, Training Standard and Incident Management Standard. 2 This includes PIN (Personal Identification Number) Entry Devices (PEDs), Tills, Virtual Terminals (VTs), Payment Gateway Web Servers, Network Equipment, File Servers and Desktop Machines Training Standard Version Page 3 of 6
4 Training Standard 3 Additional s The following requirements are in addition to SAQ-C compliance criteria. 3.1 Protection of Point of Sale Equipment Specific training regarding the visual inspection of PCs will be given to those supervising VT operations. VTs Alumni Office and Student Finance 3.2 Training Frequency Staff associated with the CDE will be trained in the requirements of pertinent to their role prior to commencing work, and annually thereafter. 3.3 Training Programme All new CDE users will have PCI training as part of their induction All payment channel business owners and will have annual PCI training All CDE users will have annual PCI training All CDE users will be given appropriate guidance for use of their CDE technology Staff associated with CDE will undertake annual Information Security Awareness training The training programme will be reviewed annually to ensure it remains appropriate in accordance with the Training Standard Version Page 4 of 6
5 Training Standard 3.4 Training Records Staff are required to sign a training record annually to confirm that they have received training. Line management are required to maintain records of this training on the SharePoint site ( in accordance with the Management Standard and are to arrange with their respective HR team for staff training records within SAP to be updated accordingly. 3.5 Incident Response Training N/A The Incident Investigations Team shall receive annual training on: Initial incident response within the CDE Electronic evidence preservation Incident response best practices Legal implications of an incident Incident Investigations Team Training Standard Version Page 5 of 6
6 Training Standard This page is intentionally left blank Training Standard Version Page 6 of 6
Payment Card Industry - Data Security Standard (PCI-DSS) Security Policy
Payment Card Industry - Data Security Standard () Security Policy Version 1-0-0 3 rd February 2014 University of Leeds 2014 The intellectual property contained within this publication is the property of
More informationAccess Control and Account Management Policy Version 1.8 9 May 2015
Information Security Management Access Control and Account Management Policy Version 1.8 9 May 2015 University of Leeds 2015 The intellectual property contained within this publication is the property
More informationLSE PCI-DSS Cardholder Data Environments Information Security Policy
LSE PCI-DSS Cardholder Data Environments Information Security Policy Written By: Jethro Perkins, Information Security Manager Reviewed By: Ali Lindsley, PCI-DSS Project Manager Endorsed By: PCI DSS project
More information<COMPANY> P01 - Information Security Policy
P01 - Information Security Policy Document Reference P01 - Information Security Policy Date 30th September 2014 Document Status Final Version 3.0 Revision History 1.0 09 November 2009: Initial release.
More informationUniversity of Sunderland Business Assurance PCI Security Policy
University of Sunderland Business Assurance PCI Security Policy Document Classification: Public Policy Reference Central Register IG008 Policy Reference Faculty / Service IG 008 Policy Owner Chief Financial
More informationProject Title slide Project: PCI. Are You At Risk?
Blank slide Project Title slide Project: PCI Are You At Risk? Agenda Are You At Risk? Video What is the PCI SSC? Agenda What are the requirements of the PCI DSS? What Steps Can You Take? Available Services
More informationIntroduction to PCI DSS
Month-Year Introduction to PCI DSS March 2015 Agenda PCI DSS History What is PCI DSS? / PCI DSS Requirements What is Cardholder Data? What does PCI DSS apply to? Payment Ecosystem How is PCI DSS Enforced?
More informationUCSD Credit Card Processing Policy & Procedure
UCSD Credit Card Processing Policy & Procedure The Payment Process UCSD accepts Visa, MasterCard, American Express and Discover credit cards. We perform credit transactions only, no debit sales with cash
More informationHuddersfield New College Further Education Corporation
Huddersfield New College Further Education Corporation Card Payments Policy (including information security and refunds) 1.0 Policy Statement Huddersfield New College Finance Office handles sensitive cardholder
More information2.0 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS (PCI-DSS)
CSU, Chico Credit Card Handling Security Standard Effective Date: July 28, 2015 1.0 INTRODUCTION This standard provides guidance to ensure that credit card acceptance and ecommerce processes comply with
More informationFinance Office. Card Handling Policy
Finance Office Card Handling Policy Prepared by: Lyndsay Brown Issued: November 2012 1 Contents Page 1 Introduction 3 2 Responsibility 3 3 The PCI Data Security Standard 3 4 PCI DSS Requirements 4 5 Receiving/
More informationSECTION: SUBJECT: PCI-DSS General Guidelines and Procedures
1. Introduction 1.1. Purpose and Background 1.2. Central Coordinator Contact 1.3. Payment Card Industry Data Security Standards (PCI-DSS) High Level Overview 2. PCI-DSS Guidelines - Division of Responsibilities
More informationUniversity of York Policy on the Management of Debit/ Credit Card Data
University of York Policy on the Management of Debit/ Credit Card Data Version 1.0 25th February 2015 Index 1 Introduction and Policy Statement 1.1 The Payment Card Industry Data Security Standard (PCI
More informationPayment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance Merchants with Only Imprint Machines or Only Standalone, Dial-out Terminals Electronic Cardholder
More informationCorporate Information Security Management Policy
Corporate Information Security Management Policy Signed: Chief Executive. 1. Definition of Information Security 1.1. Information security means safeguarding information from unauthorised access or modification
More informationVersion: 2.0. Effective From: 28/11/2014
Policy No: OP58 Version: 2.0 Name of Policy: Anti Virus Policy Effective From: 28/11/2014 Date Ratified 17/09/2014 Ratified Health Informatics Assurance Committee Review Date 01/09/2016 Sponsor Director
More informationA PCI Journey with Wichita State University
A PCI Journey with Wichita State University Blaine Linehan System Software Analyst III Financial Operations & Business Technology Division of Administration & Finance 1 Question #1 How many of you know
More informationThis policy applies to all GPC units that process, transmit, or handle cardholder information in a physical or electronic format.
Policy Number: 339 Policy Title: Credit Card Processing Policy, Procedure, & Standards Review Date: 07-23-15 Approval Date: 07-27-15 POLICY: All individuals involved in handling credit and debit card transactions
More informationHow To Use A Corporate Credit Card
Corporate Credit Card Policy June 2012 1. PURPOSE The purpose of this policy is to provide authority for the use of corporate credit cards. 2. SCOPE This Policy applies to all Council Officials as defined
More informationDartmouth College Merchant Credit Card Policy for Managers and Supervisors
Dartmouth College Merchant Credit Card Policy for Managers and Supervisors Mission Statement Dartmouth College requires all departments that process, store or transmit credit card data remain in compliance
More informationPCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:
What is PCI DSS? PCI DSS is an acronym for Payment Card Industry Data Security Standards. PCI DSS is a global initiative intent on securing credit and banking transactions by merchants & service providers
More informationCITY OF SAN DIEGO ADMINISTRATIVE REGULATION Number 95.51 PAYMENT CARD INDUSTRY (PCI) COMPLIANCE POLICY. Page 1 of 9.
95.5 of 9. PURPOSE.. To establish a policy that outlines the requirements for compliance to the Payment Card Industry Data Security Standards (PCI-DSS). Compliance with this standard is a condition of
More informationINFORMATION SECURITY POLICY. Contents. Introduction 2. Policy Statement 3. Information Security at RCA 5. Annexes
INFORMATION SECURITY POLICY Ratified by RCA Senate, February 2007 Contents Introduction 2 Policy Statement 3 Information Security at RCA 5 Annexes A. Applicable legislation and interpretation 8 B. Most
More informationDartmouth College Merchant Credit Card Policy for Processors
Mission Statement Dartmouth College Merchant Credit Card Policy for Processors Dartmouth College requires all departments that process, store or transmit credit card data remain in compliance with the
More information<COMPANY> P07 - Third Parties Policy
P07 - Third Parties Policy Document Reference P07 - Third Parties Policy Date 8th October 2014 Document Status Final Version 3.0 Revision History 1.0 9 November 2009: Initial release. 1.1 17 November 2009:
More informationPLACE GROUP UK LONDON STUDENT HOUSING GROUP PAYMENT CARD INDUSTRY DATA SECURITY STANDARD COMPLIANCE STATEMENT PCI DSS (09) VERSION: 2009PCIDSSP4S01
PLACE GROUP UK LONDON STUDENT HOUSING GROUP PAYMENT CARD INDUSTRY DATA SECURITY STANDARD COMPLIANCE STATEMENT PCI DSS (09) VERSION: 2009PCIDSSP4S01 Information updated: 21 October 2012 SAFEGUARDING CARDHOLDER
More informationPAYMENT SECURITY. Best Practices
PAYMENT SECURITY Best Practices At VeriFone, the protection of cardholder information is a top priority. To ensure merchants have secure payment solutions for their customers, and to help protect merchants
More informationCREDIT CARD MERCHANT POLICY. All campuses served by Louisiana State University (LSU) Office of Accounting Services
Louisiana State University Finance and Administrative Services Operating Procedure FASOP: AS-22 CREDIT CARD MERCHANT POLICY Scope: All campuses served by Louisiana State University (LSU) Office of Accounting
More informationCAL POLY POMONA FOUNDATION. Policy for Accepting Payment (Credit) Card and Ecommerce Payments
CAL POLY POMONA FOUNDATION Policy for Accepting Payment (Credit) Card and Ecommerce Payments 1 PURPOSE The purpose of this policy is to establish business processes and procedures for accepting payment
More informationCREDIT CARD PROCESSING POLICY AND PROCEDURES
CREDIT CARD PROCESSING POLICY AND PROCEDURES Note: For purposes of this document, debit cards are treated the same as credit cards. Any reference to credit cards includes credit and debit card transactions.
More information2.1.2 CARDHOLDER DATA SECURITY
University of Oxford Finance Division FINANCIAL POLICY 2.1.2 CARDHOLDER DATA SECURITY Date: 21 March 2013 Version: 2.1.2 Status: Approved Author: Simon Blee Bridget Midwinter TABLE OF CONTENTS Page EXECUTIVE
More informationGRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY
GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY PURPOSE The Payment Card Industry Data Security Standard was established by the credit card industry in response to an increase in identify theft
More informationAppendix 1 Payment Card Industry Data Security Standards Program
Appendix 1 Payment Card Industry Data Security Standards Program PCI security standards are technical and operational requirements set by the Payment Card Industry Security Standards Council to protect
More informationInformation Technology
Credit Card Handling Security Standards Overview Information Technology This document is intended to provide guidance to merchants (colleges, departments, organizations or individuals) regarding the processing
More informationAISA Sydney 15 th April 2009
AISA Sydney 15 th April 2009 Where PCI stands today: Who needs to do What, by When Presented by: David Light Sense of Security Pty Ltd Agenda Overview of PCI DSS Compliance requirements What & When Risks
More informationISO IEC 27002 2005 (17799 2005) TRANSLATED INTO PLAIN ENGLISH
13.1 REPORT INFORMATION SECURITY EVENTS AND WEAKNESSES 1 GOAL Make sure that information system security incidents are promptly reported. 2 GOAL Make sure that information system security events and weaknesses
More informationCustomer-Facing Information Security Policy
Customer-Facing Information Security Policy Global Security Office (GSO) Version 2.6 Last Updated: 03/23/2015 Symantec Corporation Table of Contents Compliance Framework... 1 High-Level Information Security
More informationAIS Webinar. Payment Application Security. Hap Huynh Business Leader Visa Inc. 1 April 2009
AIS Webinar Payment Application Security Hap Huynh Business Leader Visa Inc. 1 April 2009 1 Agenda Security Environment Payment Application Security Overview Questions and Comments Payment Application
More informationAndrews University Payment Card Acceptance Policies & Procedures. Prepared by Financial Administration
Andrews University Payment Card Acceptance Policies & Procedures Prepared by Financial Administration July 12, 2011 Part I: Introduction of Policy and Purpose Formatted: Font: 12 pt In order to protect
More informationPayment Card Industry Data Security Standards
Payment Card Industry Data Security Standards January 19, 2011 Marc S. Reisler, Holland & Knight Copyright 2011 Holland & Knight LLP All Rights Reserved Data Breaches Remain a Serious Concern PCI Standards
More informationTERMS AND CONDITIONS FOR PAYMENT CARDS SERVICING
TERMS AND CONDITIONS FOR PAYMENT CARDS SERVICING 1. TERMS AND DEFINITIONS 1.1. Authorisation is a query to check Card validity and availability of corresponding funds on the Card s account. 1.2. Card means
More informationb. USNH requires that all campus organizations and departments collecting credit card receipts:
USNH Payment Card Industry Data Security Standard (PCI DSS) Version 3 Administration and Department Policy Draft Revision 3/12/2013 1. Purpose. The purpose of this policy is to assist the University System
More informationSecurity Breaches and Vulnerability Experiences Overview of PCI DSS Initiative and CISP Payment Application Best Practices Questions and Comments
Security in the Payment Card Industry OWASP AppSec Seattle Oct 2006 Hap Huynh, Information Security Specialist, Visa USA hhuynh@visa.com Copyright 2006 - The OWASP Foundation Permission is granted to copy,
More informationWhat To Do if Compromised. Visa USA Fraud Investigations and Incident Management Procedures
What To Do if Compromised Visa USA Fraud Investigations and Incident Management Procedures Table of Contents Introduction......................................................... 1 Identifying and Detecting
More informationRSA SecurID Software Token Security Best Practices Guide
RSA SecurID Software Token Security Best Practices Guide Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks RSA, the RSA
More informationBIMASS and You - A Copyright Infringement Conclusions
PRODUCT SCHEDULE Hosted Exchange This Product Schedule (the Schedule ), between BIMASS and ( You ) is effective immediately and is issued pursuant to and incorporates by reference the terms and conditions
More informationPayment Cardholder Data Handling Procedures (required to accept any credit card payments)
Payment Cardholder Data Handling Procedures (required to accept any credit card payments) Introduction: The Procedures that follow will allow the University to be in compliance with the Payment Card Industry
More informationLaw Enforcement Recommendations Regarding Amendments to the Registrar Accreditation Agreement
* 1) The RAA should not explicitly condone or encourage the use of 1. Use of Proxy or Privacy Registrations Proxy Registrations or Privacy Services, as it appears in paragraphs a. In the event ICANN establishes
More informationCorporate Health and Safety Policy
Corporate Health and Safety Policy Publication code: ED-1111-003 Contents Foreword 2 Health and Safety at Work Statement 3 1. Organisation and Responsibilities 5 1.1 The Board 5 1.2 Chief Executive 5 1.3
More informationSection 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015
Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect
More informationSWEDBANK AS TERMS AND CONDITIONS FOR PAYMENT CARDS SERVICING Valid from 01.12.2014
SWEDBANK AS TERMS AND CONDITIONS FOR PAYMENT CARDS SERVICING Valid from 01.12.2014 1. TERMS AND DEFINITIONS 1.1 Account is a current account of the Merchant specified in the Agreement. 1.2 Agreement is
More informationUniversity of Liverpool
University of Liverpool Card Payment Policy Reference Number Title Version Number 1.0 Document Status Document Classification FIN-001 Card Payment Policy Active Public Effective Date 03 June 2014 Review
More informationUniversity of Sunderland Business Assurance Information Security Policy
University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant
More informationTreasurer s Guidelines for the Use of the Queensland Government Corporate Purchasing Card
Treasurer s Guidelines for the Use of the Queensland Government Corporate Purchasing Card Policy requirements for public sector entities using corporate credit cards as a payment tool Document details
More informationMerchant guide to PCI DSS
Merchant guide to PCI DSS Contents What is PCI DSS and why was it introduced?... 3 Who needs to become PCI DSS compliant?... 3 BOIPA Simple PCI DSS - 3 step approach to helping businesses... 3 What does
More informationREGULATIONS FOR SALES PAID BY CARD SALES IN SHOP (Card Present) (May 2015)
REGULATIONS FOR SALES PAID BY CARD SALES IN SHOP (Card Present) (May 2015) These regulations, the "Shop Regulations", apply to sales paid by Card through the use of a Terminal. The Shop Regulations comprise
More informationPersonal Account Trading Policy
Type: Name: Level: Policy Personal Account Trading Policy Stanbic IBTC Owner: Governance committee Approved by: Chief Compliance Officer Board Risk Management Committee Board Risk Management Committee
More informationInformation Governance Policy
Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading
More informationUniversity Policy Accepting and Handling Payment Cards to Conduct University Business
BROWN UNIVERSITY University Policy Accepting and Handling Payment Cards to Conduct University Business Table of Contents Purpose... 2 Scope... 2 Authorization... 2 Establishing a new account... 2 Policy
More informationMerchant Payment Card Processing Guidelines
Merchant Payment Card Processing Guidelines The following is intended to provide guidance that departments or units can use to help develop specific procedures for their department or unit. If you have
More informationNETCARE LIMITED HUMAN RESOURCES ONBOARDING AND ORIENTATION POLICY POLICY NUMBER HR12 HUMAN RESOURCES DEPARTMENT PREPARATION DATE MARCH 2013
NETCARE LIMITED HUMAN RESOURCES POLICY NUMBER HR12 PREPARED BY APPROVED BY HUMAN RESOURCES DEPARTMENT HUMAN RESOURCES DIRECTOR PREPARATION DATE MARCH 2013 ISSUE DATE MARCH 2014 REVISION DATE MARCH 2015
More informationIf you have any questions about any of our policies, please contact the Customer Services Team.
Acceptable Use Policy (AUP) 1. Introduction Blue Monkee has created this Acceptable Use Policy (AUP) for hosting customers to protect our resources and the resources of our other customers and hosting
More informationFinance & Ecommerce Systems
Finance & Ecommerce Systems Prepared by: Colette Elson Issued: November 2013 November 2013 Page 1 Contents Page 1 Introduction 2 Responsibility 3 The PCI Data Security Standard 4 PCI DSS Requirements 5
More informationPhysical Security Policy Template
Physical Security Policy Template The Free iq Physical Security Policy Generic Template has been designed as a preformatted framework to enable your Practice to produce a Policy that is specific to your
More informationMike Casey Director of IT
Network Security Developed in response to: Contributes to HCC Core Standard number: Type: Policy Register No: 09037 Status: Public IG Toolkit, Best Practice C7c Consulted With Post/Committee/Group Date
More informationMobile Payment Security
Mobile Payment Security Gill Woodcock 2014 About the PCI Council Founded in 2006 - Guiding open standards for payment card security Development Management Education Awareness PCI Security Standards Suite
More informationPayment Card Industry (PCI) Data Security Standard QSA Validation Requirements. Supplement for PCI Forensic Investigators (PFIs)
Payment Card Industry (PCI) Data Security Standard QSA Validation Requirements Supplement for PCI Forensic Investigators (PFIs) Version 2.0 November 2012 Document Changes. Date Version Description November
More informationPrepared testimony of W. Joseph Majka Head of Fraud Control and Investigations Visa Inc.
Prepared testimony of W. Joseph Majka Head of Fraud Control and Investigations Visa Inc. Before the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology of the House Committee on
More informationBecoming PCI Compliant
Becoming PCI Compliant Jason Brown - brownj52@michigan.gov Enterprise Security Architect Enterprise Architecture Department of Technology, Management and Budget State of Michigan @jasonbrown17 History
More informationAcceptable Use Policy
Acceptable Use Policy I. Introduction Each employee, student or non-student user of Greenville County Schools (GCS) information system is expected to be familiar with and follow the expectations and requirements
More informationROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY. Processing Electronic Card Payments
ROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY Processing Electronic Card Payments Introduction and Policy Aim The Payment Card Industry Data Security Standard (PCI-DSS) is a worldwide information
More informationFairWarning Mapping to PCI DSS 3.0, Requirement 10
FairWarning Mapping to PCI DSS 3.0, Requirement 10 Requirement 10: Track and monitor all access to network resources and cardholder data Logging mechanisms and the ability to track user activities are
More informationPCI General Policy. Effective Date: August 2008. Approval: December 17, 2015. Maintenance of Policy: Office of Student Accounts REFERENCE DOCUMENTS:
Effective Date: August 2008 Approval: December 17, 2015 PCI General Policy Maintenance of Policy: Office of Student Accounts PURPOSE: To protect against the exposure and possible theft of account and personal
More informationLEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction
LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed
More informationHow To Protect Decd Information From Harm
Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the
More informationDon Roeber Vice President, PCI Compliance Manager. Lisa Tedeschi Assistant Vice President, Compliance Officer
Complying with the PCI DSS All the Moving Parts Don Roeber Vice President, PCI Compliance Manager Lisa Tedeschi Assistant Vice President, Compliance Officer Types of Risk Operational Risk Normal fraud
More informationFraud - Preparing Data Card Transactions
Liverpool Hope University PCI DSS Policy Document Control Date Revision/Amendment Details & Reason Author 26 th March 2015 Updates G. Donelan 23 rd June 2015 Audit Committee 7 th July 2015 University Council
More informationIntroduction. General Use
Introduction Dane County provides a variety of technological resources to its employees to improve public service and maximize efficiency. The purpose of this policy is to advise users regarding the use
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationPCI DSS Compliance. 2015 Information Pack for Merchants
PCI DSS Compliance 2015 Information Pack for Merchants This pack contains general information regarding PCI DSS compliance and does not take into account your business' particular requirements. ANZ recommends
More informationVISA EUROPE ACCOUNT INFORMATION SECURITY (AIS) PROGRAMME FREQUENTLY ASKED QUESTIONS (FAQS)
VISA EUROPE ACCOUNT INFORMATION SECURITY (AIS) PROGRAMME FREQUENTLY ASKED QUESTIONS (FAQS) Q1: What is the purpose of the AIS programme? Q2: What exactly is the Payment Card Industry (PCI) Data Security
More informationAccepting Payment Cards and ecommerce Payments
Policy V. 4.1.1 Responsible Official: Vice President for Finance and Treasurer Effective Date: September 29, 2010 Accepting Payment Cards and ecommerce Payments Policy Statement The University of Vermont
More informationConditions of Use. Communications and IT Facilities
Conditions of Use of Communications and IT Facilities For the purposes of these conditions of use, the IT Facilities are [any of the University s IT facilities, including email, the internet and other
More informationSTATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM
STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM BETWEEN The Division of Health Care Financing and Policy Herein after referred to as the Covered Entity and (Enter Business
More informationSpecific Terms and Conditions of LINE Services for Business Partners: LINE Business Connect
Specific Terms and Conditions of LINE Services for Business Partners: LINE Business Connect Article 1 (Purpose) These Specific Terms and Condition of LINE Services for Business Partners: LINE Business
More informationITU-10002 Computer Network, Internet Access & Email policy ( Network Access Policy )
ITU-10002 Computer Network, Internet Access & Email policy South Norfolk Council IT Unit Documentation www.south-norfolk.gov.uk Page : 2 of 8 Summary This policy informs all users about acceptable use
More informationTop Five Data Security Trends Impacting Franchise Operators. Payment System Risk September 29, 2009
Top Five Data Security Trends Impacting Franchise Operators Payment System Risk September 29, 2009 Top Five Data Security Trends Agenda Data Security Environment Compromise Overview and Attack Methods
More informationNew PCI Standards Enhance Security of Cardholder Data
December 2013 New PCI Standards Enhance Security of Cardholder Data By Angela K. Hipsher, CISA, QSA, Jeff A. Palgon, CPA, CISSP, QSA, and Craig D. Sullivan, CPA, CISA, QSA Payment cards a favorite target
More informationYou will already have read and understood the following documentation, however do go back to any of these if you are unsure of what they cover:
Pay Payment Card Industry Data Security Standards (PCI DSS) Quick Reference Guide Overview You should have already been trained, and possibly refreshed, in PCI DSS requirements, and how the standards relate
More informationMiami University. Payment Card Data Security Policy
Miami University Payment Card Data Security Policy IT Policy IT Standard IT Guideline IT Procedure IT Informative Issued by: IT Services SCOPE: This policy covers all units within Miami University that
More informationMalpractice Policy BMAT
Malpractice Policy 1 BMAT Malpractice Policy 1. Statement of Purpose BMAT is committed to ensuring that standards of assessment are consistent, transparent and fair, whilst maintaining standards as a priority
More informationCredit and Debit Card Transaction Procedures. University of Bath
Credit and Debit Card Transaction Procedures University of Bath Table of Contents Introduction Ethics and Acceptable Use Policies Credit and Debit Card Transactions Protection of Stored Data Protection
More informationWhat To Do if Compromised. Visa USA Fraud Investigations and Incident Management Procedures
What To Do if Compromised Visa USA Fraud Investigations and Incident Management Procedures Table of Contents Introduction......................................................... 1 Security Breach Reporting............................................
More informationStandards for Business Processes, Paper and Electronic Processing
Payment Card Acceptance Information and Procedure Guide (for publication on the Treasury Webpages) A companion guide to University policy 6120, Payment Card Acceptance Standards for Business Processes,
More informationPresented By: Bryan Miller CCIE, CISSP
Presented By: Bryan Miller CCIE, CISSP Introduction Why the Need History of PCI Terminology The Current Standard Who Must Be Compliant and When What Makes this Standard Different Roadmap to Compliance
More informationHow To Ensure Information Security In Nhs.Org.Uk
Proforma: Information Policy Security & Corporate Policy Procedures Status: Approved Next Review Date: April 2017 Page 1 of 17 Issue Date: June 2014 Prepared by: Information Governance Senior Manager Status:
More informationOratory R.C. Primary and Nursery School. Shine as to be a light to others E-SAFETY POLICY
Oratory R.C. Primary and Nursery School Shine as to be a light to others E-SAFETY POLICY Reviewed by Safeguarding, Health and Safety and Premises Committee: 1.10.14 Approved by the Governing Body: 15.10.14
More informationMERCHANT NEWS. This Edition of Merchant News NOW INCLUDING RETAIL SPECIFIC NEWS. Our Name is Changing. Fraud Prevention. Card Scheme Compliance
AUTUMN 2012 EDITION MERCHANT NEWS Keeping you in the know Important Information - Please keep in a safe place This Edition of Merchant News Our Name is Changing Fraud Prevention Card Scheme Compliance
More informationFor parents this document should be read in conjunction with the Osper Cardholder Terms and Conditions.
Version: 10.08.15 Osper Service Terms Introduction This document explains your legal rights and obligations in relation to your use of the Osper Service ( Osper ), including use of the Osper App. Parents
More information