UNT Payment Card Merchant Handbook

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "UNT Payment Card Merchant Handbook"

Transcription

1 UNT Payment Card Merchant Handbk University f Nrth Texas January 2014 Vlume 4, Issue 1 STUDENT ACCOUNTING & UNIVERSITY CASHIERING SERVICES

2 Cntents The Purpse f the Handbk...1 General Overview...2 Hw des ur department accept credit cards nline?...3 Hw will UNT cmply with PCI DSS?...6 Hw will UNT Cmply with PCI DSS cntinued...7 What is my Validatin Type?...8 Respnsibility f the Dept ID/ Prj ID Hlder Respnsibility f Dept. ID/Prj ID And Department Designee Segregatin f Duties Cardhlder Data Cmprmised Nn-Cmpliant UNT Merchant Prtecting Cardhlder data Payment Card Prcessing e Cmmerce Transactins Cmmerce Manager Disputes/Chargebacks Payment Card Depsits Payment Card Refunds Payment Card Sanctins Handuts/Reference websites... 25

3 The Purpse f the Handbk The UNT Payment Card Merchant Handbk cntains guidelines and plicies fr UNT Payment Card Merchants. Departments that accept payment card payments shuld becme familiar with the guidelines and plicies listed with this handbk. Each UNT Merchant must be PCI DSS cmpliant. Wrking with their Departmental Netwrk Manager, CITC Security Team and Student Accunting and University Cashiering Services, each department will be able t cmplete the apprpriate questinnaire and scan, if required, in rder t attain cmpliance. This cmpliance must be renewed yearly. The UNT Payment Card Merchant Handbk and the yearly training will be updated as new requirements and changes ccur. This handbk and the annual training shuld be cnsidered a guide fr learning best practices fr the university. 1

4 General Overview Student Accunting and University Cashiering Services is respnsible fr managing all aspects f establishing payment card merchants n campus and the prcessing f payment card transactins. See UNT Plicy ml Hw d I accept credit card n campus? Befre determining if accepting credit cards is practical fr yur department, we encurage departments t ask themselves the fllwing questins: What type f resurces d I need? What can ur ffice d t get ready fr ecmmerce? Hw much technical effrts will there be? Will accepting credit cards as a frm f payment add any value/revenue t my prject? If an UNT Department wants t accept credit cards as a frm f payment, they must cntact the Student Accunting and University Cashiering Services fr apprval. The department will be required t cmplete a User Feasibility Questinnaire. The department may btain the questinnaire by submitting a request t the Cashier Area Supervisr f Student Accunting and University Cashiering Service at 2

5 Hw des my department accept credit cards nline? Student Accunting has cntracted with Nelnet Business Slutins t ffer an ecmmerce slutin that wuld be cst effective fr departments and at the same time ensure PCI DSS cmpliance. Cmmerce Manager is a web-based payment system designed t hst multiple departments. Cmmerce Manager allws individual departments acrss campus t cnduct business and accept payments nline while maintaining central cntrl f accunting and security. If the department is cnsidering an ecmmerce slutin, yur netwrk supprt and/r web develper will be respnsible fr develping the department s webpage. Belw is sme basic technical infrmatin ur Student Financial Technical Team put tgether t assist the department s web develper. T use ecmmerce Manager, there are 3 actins that are f interest t the develper: Authenticatin t the Nelnet website Handling the results f the transactin at the Nelnet website Handling the Nelnet End f Day File fr recnciliatin r reprting needs The PCI Security Standards Cuncil ("PCI SSC") wns, maintains and distributes the PCI Data Security Standard (DSS) and all its supprting dcuments. PCI DSS is a set f cmprehensive requirements fr enhancing payment accunt data security; develped by the funding payment brands f the PCI Security Standards Cuncil, including American Express, Discver Financial Services, JCB Internatinal, MasterCard Wrldwide, and Visa Inc. Internatinal, t help facilitate the brad adptin f cnsistent data security measures n a glbal basis. Merchant cmpliance validatin has been priritized based n the vlume f transactins, the ptential risk, and the expsure intrduced int the payment system. All merchants (departments) will fall int ne f the fur merchant levels based n VISA transactin vlume ver a 12-mnth perid. 3

6 Level/Tier¹ Merchant Criteria Validatin Requirements 1 Merchants prcessing ver 6 millin Visa transactins annually (all channels) r Glbal merchants identified as Level 1 by any Visa regin² *Annual Reprt n Cmpliance ( ROC ) by *Qualified Security Assessr ( QSA ) Quarterly netwrk scan by *Apprved Scan Vendr ( ASV ) *Attestatin f Cmpliance Frm Merchants prcessing 1 millin t 6 millin Visa transactins annually (all channels) 2 *Annual Self-Assessment Questinnaire ( SAQ ) *Quartely netwrk scan by ASV *Attestin f Cmpliance Frm Merchants prcessing 20,000 t 1 millin Visa e-cmmerce transactins 3 annually Merchants prcessing less than 20,000 Visa e-cmmerce transactins annually and all ther merchants prcessing up t 1 millin Visa 4 transactins annually *Annual SAQ *Quarterly netwrk scan by ASV *Attestatin f Cmpiance Frm *Annual SAQ recmmended *Quarterly netwrk scan by ASV if applicable * Cmpliance validatin requirements set by acquirer ¹- Cmprised entries may be escalated at reginal discretin ²-Merchant meeting Level 1 criteria in any Visa cuntry/regin that perates in mre than ne cuntry/regin is cnsidered a glbal Level 1 Fllwing PCI DSS requirements is critical and can assist in preventing a security breach. If payment card data is cmprmised and the university is ut f cmpliance with PCI DSS, the university culd be respnsible fr significant fines, the cst f re-issuing all cards assciated with the cmprmise and permanently prhibited frm prcessing payment cards. It is the respnsibility f Student Accunting and University Cashiering Services t prvide UNT merchants the infrmatin required t remain cmpliant with PCI DSS. Hwever, it is the respnsibility f the Dept. ID/Prj ID hlder t insure their department is fllwing the established plicies and prcedures. Student Accunting and University Cashiering Services will prvide annual training t insure departments receive the current infrmatin fr PCI cmpliance. Student Accunting and University Cashiering Department Dept ID/Prj ID hlder Dept. persnnel Dept. Netwrk manager PCI DSS Cmpliance CITC Security 4

7 The cre f the PCI DSS is a grup f principles and accmpanying requirements, arund which the specific elements f the DSS are rganized: PCI Data Security Standard Build and Maintain a Secure Netwrk 1. Install and maintain a firewall cnfiguratin t prtect data 2. D nt use vendr-supplied defaults fr system passwrds and ther security parameters Prtect Cardhlder Data 3. Prtect stred data Encrypt transmissin f cardhlder data and sensitive infrmatin acrss public netwrks 4. Encrypt transmissin f cardhlder data acrss pen, public netwrks Maintain a Vulnerability Management Prgram 5. Use and regularly update anti-virus sftware 6. Develp and maintain secure systems and applicatins Implement Strng Access Cntrl Measures 7. Restrict access t data by business need-t-knw 8. Assign a unique ID t each persn with cmputer access 9. Restrict physical access t cardhlder data Regularly Mnitr and Test Netwrks 10. Track and mnitr all access t netwrk resurces and cardhlder data 11. Regularly test security systems and prcesses Maintain an Infrmatin Security Plicy 12. Maintain a plicy that addresses infrmatin security *Surce: Security Standards Cuncil 5

8 Hw will UNT cmply with PCI DSS? Self-Assessment Questinnaires are based upn SAQ Validatin Type (see chart belw) A B C-VT Card-nt-present (ecmmerce r mail/telephne-rder) merchants, all cardhlder data functins utsurced. This wuld never apply t face-t-face merchants Imprint-nly merchants with n electrnic cardhlder data strage, r standalne, dial-ut terminal merchants with n electrnic data strage Merchants using nly web-based virtual terminals, n electrnic cardhlder data strage Merchants with payment applicatin systems cnnected t C the Internet, n electrnic cardhlder data strage All ther merchants (nt included in descriptins fr SAQs A- D C abve) and all service prviders defined by a payment brand as eligible t cmplete an SAQ *Surce: Security Standards Cuncil 6

9 Hw will UNT Cmply with PCI DSS cntinued Attend annual training. Cmplete apprpriate Self-Assessment Questinnaire (SAQ). If required cmplete internal netwrk scan with CITC. Make any crrectins recmmended frm internal scan prir t scheduling independent scan. Cmplete netwrk scan by an independent third party vendr, if required. UNT has cntracted with Campus Guard t prvide the scan and t prvide assistance in achieving cmpliance. Cmplete penetratin test by qualified internal staff r an independent third party vendr, if required. Enfrce the use f Nelnet s QuikPay r ther prduct fr ecmmerce transactins and use hardware and sftware that is PCI DSS cmpliant. Cllabrate with Student Accunting, CITC Security and Internal Audit t ensure cmpliance. 7

10 What is my Validatin Type? SAQ A (11-questin questinnaire): SAQ A merchants d nt stre data n their systems r premises. Yur lcatin (department): accepts nly card-nt-present transactins e-cmmerce r mail/telephne-rder Des nt stre, prcess r transmit any cardhlder data n yur systems r premises, but relies entirely n a third party t hand all these functins. Has cnfirmed the third party(s) handling strage, prcessing and/r transmissin f cardhlder data is PCI cmpliant. Retains nly paper reprts and/r paper receipts with cardhlder data and these dcuments are nt received electrnically; and des nt stre any cardhlder data in electrnically frmat This ptin wuld never apply t merchants with face-t-face POS envirnment. SAQ B (29-questin questinnaire): SAQ B merchants are nly imprint machines r nly standalne, dial-ut terminals. N Electrnic Cardhlder Data Strage. Yur lcatin (department): Uses nly an imprint machine and/r uses nly standalne, dialut terminal (cnnected via a phne line t yur prcessr) t take yur custmers payment card infrmatin. The standalne, dial-ut terminal(s) are nt cnnected t any ther system within yur envirnment. The standalne, dial-ut terminal(s) are nt cnnected t the Internet Des nt transmit cardhlder data ver a netwrk (either an internal netwrk r the Internet) Retains nly paper reprts and/r paper receipts, nt received electrnically; and Des nt stre cardhlder data in electrnic frmat. r 8

11 SAQ C-VT (51-questin questinnaire): SAQ C-VT merchants are web-based virtual terminals, n electrnic cardhlder data strage. Yur lcatin (department): Only payment prcessing is dne via a virtual terminal accessed by an Internet-cnnected web brwser. Virtual terminal slutin is prvided and hsted by a PCI DSS validated third-party service prvider. Accesses the PCI DSS cmpliant virtual terminal slutin via a cmputer that is islated in a single lcatin, and is nt cnnected t ther lcatins r systems within yur envirnment (this can be achieved via a firewall r netwrk segmentatin t islate the cmputer frm ther systems). Des nt have sftware installed that causes cardhlder data t be stred. (fr example, there is n sftware fr batch prcessing r stred-and-frward) Des nt have any attached hardware devices that are used t capture r stre cardhlder data (fr example, there are n card readers attached) Des nt therwise receive r transmit cardhlder data electrnically thrugh any channels (fr example, via an internal netwrk r the Internet) Retains nly paper reprts and/r paper receipts, nt received electrnically; and Des nt stre any cardhlder data in electrnic frmat. 9

12 SAQ C (80-questin questinnaire): SAQ C merchants have payment applicatin systems cnnected t the Internet, n electrnic cardhlder data strage. Yur lcatin (department): Has a payment applicatin system and an Internet cnnectin n the same device and/r same lcal area netwrk (LAN). The payment applicatin system/internet device is nt cnnected t any ther system within yur envirnment (this can be achieved via netwrk segmentatin t islate payment applicatin system/internet device frm all ther systems) Is nt cnnected t ther lcatins and any LAN is fr a single stre nly Retains nly paper reprts and/r receipts, nt received electrnically; Des nt stre cardhlder data in electrnic frmat; and Payment applicatin sftware vendr uses secure techniques t remte supprt t the payment applicatin system. SAQ D (286-questin questinnaire): SAQ D merchants d nt meet the descriptins f SAQ A thrugh C, describe abve. While many f the rganizatin cmpleting SAQ D will need t validate cmpliance with every PCI DSS requirement, sme rganizatins with very specific business mdels may find that sme f the requirements d nt apply. Fr example, a cmpany that des nt use wireless technlgy in any capacity wuld nt be expected t validate cmpliance with the sectins f the PCI DSS that are specific t managing wireless technlgy. 10

13 Respnsibility f the Dept ID/ Prj ID Hlder The department designee must cmply with UNT Plicy and Prcedures in regards t Payment Card Industry Data Security Standard (PCI DSS) requirements. See The Dept ID/Prj ID hlder alng with their departmental netwrk manager is respnsible fr cmpleting a Self- Assessment Questinnaire (SAQ) and an Attestatin f Cmpliance annually. The PCI Self-Assessment Questinnaire is an imprtant validatin tl that will be used by merchants t demnstrate cmpliance with PCI DSS. UNT has cntracted with Campus Guard t prvide the questinnaire nline at Guard.net. The Attestatin f Cmpliance certifies the accuracy f the infrmatin prvided n the questinnaire. After cmpleting and passing the questinnaire, the department will wrk with their netwrk manager and UNT CITC Security Team t determine if an internal scan is needed fr each lcatin (department). Any issues will need t be addressed prir t scheduling the security scan frm a third party vendr. PCI Data Security Standard (PCI DSS) may require a security scan fr merchants t help validate cmpliance with PCI DSS. PCI Data Security Standard (PCI DSS) requires all Internet-facing IP address in the cardhlder data envirnment t be scanned fr vulnerabilities. T cmply with the PCI Security Scanning requirement, merchants must have their web sites r 11

14 IT infrastructures with Internet facing IP addresses in the cardhlder data envirnment scanned. Third-party security assessr will perfrm external scans at least every three mnths. Annual penetratin testing cmpleted by third-party security assessr. The Dept ID/Prj ID hlder will be respnsible t ensure their lcatin (merchant) is fllwing the University payment card guidelines including PCI Data Security Standard (PCI DSS) requirements. The Dept ID/Prj ID hlder will be respnsible t reprt persnnel changes (emplyees wh prcess r recncile payment card transactins) immediately in their department t the UNT ITs Security Office and the Cashier Area Supervisr in Student Accunting and University Cashiering Services. The Dept ID/Prj ID hlder must get apprval frm the Student Accunting and University Cashiering Services befre purchasing any new equipment and/r sftware related t credit card prcessing. Departmental merchants are required t cmplete annual training and sign a security agreement cnfirming the department (merchant) is fllwing the PCI Data Security Standard (PCI DSS) requirements fr safeguarding cardhlder data. The Dept ID/Prj ID hlder and any Department Designee are required cmplete the training and sign the agreement. 12

15 Respnsibility f Dept. ID/Prj ID And Department Designee The department designee must cmply with UNT Plicy and Prcedures in regards t Payment Card Industry Data Security Standard (PCI DSS) requirements. See All cardhlder data, including dcumentatin, must be stred in a secure area at all times. The cardhlder data shall nt be printed n receipts. Insure payment card data is nt dwnladed r stred n a cmputer r netwrk within the department. D nt share lgin names and passwrds t systems that access payment card data. Keep duties that are related t payment card prcessing segregated fr accuntability. The emplyee wh prcesses the payment card transactin shuld balance their daily activity; hwever, a different emplyee shuld be respnsible fr recnciling the activity each mnth. If suspected cmprmise f cardhlder data, department designee shuld infrm the Dept ID/Prj ID hlder t ensure the department s netwrk manager, CITC Infrmatin and Security Team, Internal Audit and the Cashier Area Supervisr f Student Accunting and University Cashiering Services are cntacted immediately. Emplyee shuld nt d anything else n the suspected cmprised wrkstatin. Until CITC security advises, the netwrk cable shuld be unplugged frm the wrkstatin in questin. Dept ID/Prj ID hlder and any department designee are respnsible fr cmpleting annual credit card merchant training ffered thrugh Student Accunting and University Cashiering Services. Dept ID/Prj ID hlder and department designee are respnsible fr ntifying Student Accunting and University Cashiering Services prir t any changes/upgrades t equipment and/r sftware used t prcess credit card transactins. The Dept ID/Prj ID hlder and the department designee must get apprval frm the Student Accunting and University Cashiering Services befre purchasing any new equipment and/r sftware related t credit card prcessing. 13

16 Segregatin f Duties The Dept. ID/Prj ID hlder is respnsible fr departmental segregatin f duties. Any individual wh prcesses payment card transactins shuld nt be invlved with the mnthly recnciliatin. Recnciliatin- A thrugh recnciliatin f payment card transactin wuld include the fllwing dcumentatin: The reprts generated frm the payment card terminal, YurPay r QuikPay shuld be recnciled t department s internal receipts daily r when transactins have been prcessed. The reprts generated frm the payment card terminal, YurPay r QuikPay shuld be recnciled t the accunting entries generated in the Financial Reprting Office and t the Departmental Management Budget Reprt. Access t the Departmental Management Budget Reprt is available at my.unt.edu fr mnthly recnciliatin. 14

17 Cardhlder Data Cmprmised If cardhlder data fr which yu are respnsible is cmprmised, the university may be subject t the fllwing liabilities and fines assciated with each instance f nn-cmpliance: Ptential fines f up t $500,000 (in the discretin f Visa and MasterCard). All fraud lsses incurred frm the use f the cmprmised accunt numbers frm the date f the cmprmise ging frward. The cst f re-issuing all cards assciated with the cmprmise. The cst f any additinal fraud preventin/detectin activities required by the card assciatins (i.e. a frensic audit) r cst incurred by payment card issuers assciated with the cmprmise (i.e. additinal mnitring f system fr fraudulent activity). Becme permanently prhibited frm prcessing payment card transactins. Mst imprtant: The University s reputatin (brand) is damaged. If suspected cardhlder data cmprmised, the Dept ID/Prj ID r departmental designee shuld immediately cntact their netwrk manager, CITC Infrmatin Security Team, Internal Audit and the Cashier Area Supervisr in Student Accunting and University Cashiering Services. The department (merchant) must prvide any materials r recrds that cntain cardhlder data if a breach is suspected r cnfirmed. D nt lg int wrkstatin/cmputer f suspected cmprise. 15

18 Nn-Cmpliant UNT Merchant If a merchant is fund t be nn-cmpliant with PCI DSS, UNT Plicy fr accepting credit card and/r UNT established best practices, Student Accunting and University Cashiering Services with the assistance f CITC Security may require the nn-cmpliant merchant t cease acceptance f credit cards immediately. Any nn-cmpliant website and any nncmpliant pint-f-sale lcatins will be required t cease peratin until deemed cmpliant. It is the respnsibility f the merchant t wrk with Student Accunting, CITC Security and their Netwrk Manager t becme cmpliant. After CITC and Student Accunting have verified cmpliance, the merchant will be allwed t resume credit card activities 16

19 Educatinal institutins are disprprtinately vulnerable t security breaches. Higher Educatin is cnsistently in the tp 2 Surce: Privacy Rights Clearinghuse

20 Prtecting Cardhlder data Payment card payment infrmatin shuld be kept secured and cnfidential at all times. Cardhlder data shuld be secured in a lcked safe r file cabinet. The area designated t stre cardhlder data shuld be restricted t the Dept ID/Prj ID hlder and/r any department designee respnsible fr prcessing r researching a transactin. Any payment card pint f sale terminal shuld be placed in a secure area t prevent access t data within the terminal. Access t payment card data shuld be restricted t thse individuals whse jb requires such access. The custmer and merchant receipt (as well as any ther frm that may cntain cardhlder data) shuld nly display the last fur digits f the accunt number. Pin pads r any magnetic strip readers shuld nt be attached t a payment card terminal r cmputer. Security track data may nt be stred in any device used fr payment card prcessing. Security data/track is defined as the data elements stred within the magnetic stripe n the back f a card, as well as the cardhlder validatin cde (the three r fur digit value printed n the signature panel f the card). The infrmatin includes all the data required t cmmit fraud n a cardhlder s accunt. Payment card payment infrmatin cannt be stred n cmputers r netwrks, regardless f encryptin. Cardhlder data must be transmitted and received in a secure manner. If yur department received payment card payment infrmatin by a secure fax and/r mail, all digits f the card number except the last fur, must be remved befre retaining fr yur recrds. Cardhlder data must nt be sent t a fax applicatin with an IP address. 18

21 Fax machines must be in secured area (rm with a lcking dr) with n thrugh traffic and with limited access. Cardhlder data must nt be received by . Payment card receipts shuld be stred accrding t UNT s recrd retentin schedule. All receipts must be shredded after that time. Currently, UNT retentin schedule is 3 years plus fiscal year. see Series Item # , number 44, Cash Receipts. 19

22 Payment Card Prcessing -e Cmmerce Transactins Departmental merchants that prcess payment card transactins using a web-based prduct must fllw additinal guidelines t be cmpliant with PCI DSS requirements. A department interested in prcessing payment card transactins with a web-based prduct (ecmmerce) must cntact the Cashier Area Supervisr in Student Accunting and University Cashiering Services befre purchasing and/r cntracting with vendr. ecmmerce is defined as cnducting business cmmunicatins and transactins ver netwrks and thrugh cmputers. Student Accunting maintains a partnership with NelNet/QuikPay as the University s ecmmerce (nline payment prvider). QuikPay is certified cmpliant with PCI DSS requirements. Payment card payment infrmatin is cllected at QuikPay s website and prcessed fr authrizatin. Cardhlder data is nt transmitted ver the university netwrk. Fr smaller departments*, Student Accunting and University Cashiering Services ffers a Nelnet prduct called Cmmerce Manager (see Cmmerce Manager belw) *Department will have t apply fr this service Wells Farg, ur acquiring bank, is the payment card prcessr fr the university. As the payment card prcessr, Wells Farg assists with equipment recmmendatins t ensure the University is using PCI DSS cmpliant hardware and sftware. Any changes in technlgy related t payment card prcessing in yur ffice shuld be reprted t the Cashier Area Supervisr in Student Accunting and University Cashiering Services prir t implementing the change/upgrade. 20

23 Cmmerce Manager Cmmerce Manager is a web-based payment system designed t hst multiple departments. Cmmerce Manager allws individual departments acrss campus t cnduct business and accept payments nline while maintaining central cntrl f accunting and security. Belw is sme basic technical infrmatin the Student Financial Technical Team put tgether t assist departments. T use Cmmerce Manager, there are 3 actins that are f interest t the develper: Authenticatin t the Nelnet website Handling the results f the transactin at the Nelnet website Handling the Nelnet End Of Day File fr recnciliatin r reprting needs If a department is interested in using Cmmerce Manager, they shuld the Cashier Area Supervisr at in the Student Accunting and University Cashiering Services Office. Disputes/Chargebacks Disputes/chargebacks frm cardhlders will be sent directly t Student Accunting and University Cashiering Services. The infrmatin will be frwarded t the department designated cntact emplyee. A reply and all supprt dcumentatin must be returned in writing within tw (2) wrking days. Supprted dcumentatin will include a signed sales receipt and/r signed written authrizatin frm the cardhlder and/r their authrized user. It is the merchants respnsibility t maintain all dcumentatin n credit card transactins. Any questins regarding disputes/chargebacks shuld be directed t Student Accunting and University Cashiering Services. The Dept ID/Prj ID will be charged back fr a dispute/chargeback if the departmental representative des nt prvide the supprt dcumentatin fr the transactin in questin by the requested time. 21

24 Payment Card Depsits All payment card transactins fr sales and services prvided by the University must be depsited t a university dept ID r prj ID. UNT Financial Reprting will generate the accunting entry that credits the dept ID/ prj ID fr payment card sales. Each payment card merchant determines which dept ID/prj ID will receive the credit fr the depsit. Cntact UNT Financial Reprting (ext. 4875) t have funds allcated t anther dept ID/prj ID r split amng several dept ID/prj ID s. The department shuld verify all credit card transactins are depsited accurately by reviewing the daily detail transactin reprts prduced frm EIS mnthly. Payment Card Refunds Any refunds shuld be returned t the surce f payment, therefre, credit card refunds shuld be returned t the credit card. 22

25 Payment Card Sanctins The fllwing sanctins will apply t any UNT Merchants wh fails t cmplete the annual required training, self-assessment questins and netwrk scan, if necessary. A mnth in advance f expiratin, a ntice will be sent by the Cashier Area Supervisr t the Dept Id hlder, department designated emplyee, and technical supprt indicating that the required SAQ must be cmpleted by the specified deadline. The Assistant Directr f Operatins f SAUCS will be cpied n this . A week prir t the expiratin, a reminder will be sent by the Assistant Directr f Operatins t the Dept ID hlder, Dept ID supervisr, Department Chair, Department Dean, department designated emplyee, and the technical supprt including the first ntice and stressing the imprtance f cmpleting the required SAQ, cmpleting required scans (if needed) and r required training befre the stated deadline. The Directr f SAUCS will be cpied n this . A week after the cmpliance deadline has expired; the Assistant Directr will send a secnd ntice t the Dept ID hlder stressing the critical need t cmplete requirements fr cmpliance. The Directr f SAUCS, Dept ID supervisr, Department Chair, Department Dean, the Department s Vice President, the Assciate Vice President f Finance/Administratin, Cntrller, Vice President f Finance/Administratin, Internal Audit and the CITC Security Team will be cpied n this . Tw weeks after the third ntice, the Directr f SAUCS will send a ntice indicating that access t take credit cards will be terminated if actin twards 23

26 cmpliance is nt achieved. The Dept ID supervisr, the Department Chair, the Department Dean, the Department s Vice President, the Assciate Vice President f Finance/Administratin, Cntrller, the Vice President f Finance/Administratin, Internal Audit and the CITC Security Team will be cpied n this , as well as the UNT System Cmpliance Officer will be cpied. If cmpliance is nt achieved after the previus ntices, the Directr f SAUCS will instruct the Assistant Directr f Operatins and Cashier Area Supervisr t cntact either CITC Security Team and/r Wells Farg Merchant Services t begin the terminatin prcess, depending upn which type f equipment is used by the department. Reinstatement f services will ccur after PCI DSS cmpliance has been achieved. NOTE: If there are extenuating circumstances and/r the department is wrking twards cmpliance, there will be an exceptin fr administrative review by the Assciate Vice President f Finance/Administratin, Cntrller r Vice President f Finance/Administratin. 24

27 Handuts/Reference websites Payment Card Industry (PCI) Data Security Standard Apprved Cmpanies & Prviders (PA-DSS) anies_prviders/index.php Treasury Institute fr Higher Educatin Privacy Rights Clearinghuse 25

Process of Setting up a New Merchant Account

Process of Setting up a New Merchant Account Prcess f Setting up a New Merchant Accunt Table f Cntents PCI DSS... 3 Wh t cntact?... 3 Bakcgrund n PCI... 3 Why cmply?... 3 Hw t cmply?... 3 PCI DSS Scpe... 4 Des PCI DSS Apply t Me?... 4 What if I am

More information

VCU Payment Card Policy

VCU Payment Card Policy VCU Payment Card Plicy Plicy Type: Administrative Respnsible Office: Treasury Services Initial Plicy Apprved: 12/05/2013 Current Revisin Apprved: 12/05/2013 Plicy Statement and Purpse The purpse f this

More information

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments University f Texas at Dallas Plicy fr Accepting Credit Card and Electrnic Payments Cntents: Purpse Applicability Plicy Statement Respnsibilities f a Merchant Department Prcess t Becme a Merchant Department

More information

PCI - Why You Need to be Compliant When Accepting Credit Card Payments. Agenda. Breaches in the Headlines. Breach Events & Commonalities

PCI - Why You Need to be Compliant When Accepting Credit Card Payments. Agenda. Breaches in the Headlines. Breach Events & Commonalities PCI - Why Yu Need t be Cmpliant When Accepting Credit Card Payments Tuesday, March 27, 2012 Agenda Breach Events & Cmmnalities Evlutin f PCI PCI Requirements Risks f Nn-cmpliance Industry Initiatives t

More information

BAMS Third Party Service Providers (TPSPs) FAQs

BAMS Third Party Service Providers (TPSPs) FAQs BAMS Third Party Service Prviders (TPSPs) FAQs 1) What is the Third Party Service Prvider (TPSP) Agent Registratin Prgram? The TPSP Agent Registratin Prgram is a Card Brand (Visa USA Inc and MasterCard

More information

HIPAA HITECH ACT Compliance, Review and Training Services

HIPAA HITECH ACT Compliance, Review and Training Services Cmpliance, Review and Training Services Risk Assessment and Risk Mitigatin: The first and mst imprtant step is t undertake a hlistic risk assessment that examines the risks and cntrls related t fur critical

More information

GUIDANCE FOR BUSINESS ASSOCIATES

GUIDANCE FOR BUSINESS ASSOCIATES GUIDANCE FOR BUSINESS ASSOCIATES This Guidance fr Business Assciates dcument is intended t verview UPMCs expectatins, as well as t prvide additinal resurces and infrmatin, t UPMC s HIPAA business assciates.

More information

TrustED Briefing Series:

TrustED Briefing Series: TrustED Briefing Series: Since 2001, TrustCC has prvided IT audits and security assessments t hundreds f financial institutins thrugh ut the United States. Our TrustED Briefing Series are white papers

More information

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy COPIES-F.Y.I., INC. Plicies and Prcedures Data Security Plicy Page 2 f 7 Preamble Mst f Cpies FYI, Incrprated financial, administrative, research, and clinical systems are accessible thrugh the campus

More information

Vantiv eprotect iframe Technical Assessment Paper Prepared for:

Vantiv eprotect iframe Technical Assessment Paper Prepared for: Vantiv eprtect iframe Technical Assessment Paper Prepared fr: Octber 13, 2015 P a g e 2 Cntents EXECUTIVE SUMMARY...3 OVERVIEW... 3 ABOUT VANTIV EPROTECT... 4 OPERATIONAL FLOW... 5 TECHNICAL ASSESSMENT...6

More information

In addition to assisting with the disaster planning process, it is hoped this document will also::

In addition to assisting with the disaster planning process, it is hoped this document will also:: First Step f a Disaster Recver Analysis: Knwing What Yu Have and Hw t Get t it Ntes abut using this dcument: This free tl is ffered as a guide and starting pint. It is des nt cver all pssible business

More information

Electronic and Information Resources Accessibility Compliance Plan

Electronic and Information Resources Accessibility Compliance Plan Electrnic and Infrmatin Resurces Accessibility Cmpliance Plan Intrductin The University f Nrth Texas at Dallas (UNTD) is cmmitted t prviding a wrk envirnment that affrds equal access and pprtunity t therwise

More information

Data Protection Policy & Procedure

Data Protection Policy & Procedure Data Prtectin Plicy & Prcedure Page 1 Prcnnect Marketing Data Prtectin Plicy V1.2 Data prtectin plicy Cntext and verview Key details Plicy prepared by: Adam Haycck Apprved by bard / management n: 01/01/2015

More information

Cell Phone & Data Access Policy Frequently Asked Questions

Cell Phone & Data Access Policy Frequently Asked Questions Cell Phne & Data Access Plicy Frequently Asked Questins 1. Wh is eligible fr a technlgy allwance? First and fremst, the technlgy allwance is fr the benefit f the University, rather than fr the cnvenience

More information

PCI Compliance Merchant User Guide

PCI Compliance Merchant User Guide PCI Cmpliance Merchant User Guide Table f Cntents Intrductin... 5 PCI Prgram Overview... 5 PCI10 2.0 Applicatin Tl Overview... 6 Lgin Prcess... 6 Update My Prfile... 7 Frgt Yur Passwrd... 8 Welcme Pages...

More information

THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM

THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM 1. Prgram Adptin The City University f New Yrk (the "University") develped this Identity Theft Preventin Prgram (the "Prgram") pursuant

More information

Symantec User Authentication Service Level Agreement

Symantec User Authentication Service Level Agreement Symantec User Authenticatin Service Level Agreement Overview and Scpe This Symantec User Authenticatin service level agreement ( SLA ) applies t Symantec User Authenticatin prducts/services, such as Managed

More information

CORPORATE CREDIT CARD POLICY

CORPORATE CREDIT CARD POLICY TITLE: POLICY OWNERS: DATE INSTITUTED: May 1, 2008 CURRENT VERSION: Ver. 1.6 REVISION DATE: July 1, 2015 Crprate Credit Card Plicy Melissa Cluse, Vice President & Cntrller Cindy Klein, Accunts Payable

More information

Systems Support - Extended

Systems Support - Extended 1 General Overview This is a Service Level Agreement ( SLA ) between and the Enterprise Windws Services t dcument: The technlgy services the Enterprise Windws Services prvides t the custmer. The targets

More information

First Global Data Corp.

First Global Data Corp. First Glbal Data Crp. Privacy Plicy As f February 23, 2015 Ding business with First Glbal Data Crp. ("First Glbal", First Glbal Mney, "we" r "us", which includes First Glbal Data Crp. s subsidiary, First

More information

PROTIVITI FLASH REPORT

PROTIVITI FLASH REPORT PROTIVITI FLASH REPORT The PCI Security Standards Cuncil Releases PCI DSS Versin 3.2 May 9, 2016 On April 28, 2016, the PCI Security Standards Cuncil (PCI SSC) released PCI Data Security Standard (PCI

More information

.100 POLICY STATEMENT

.100 POLICY STATEMENT Treasury Management Operatins Sectin: Treasury Management Number: 105.100 Title: Treasury Management Operatins POLICY Index.100 POLICY STATEMENT.110 POLICY RATIONALE.120 AUTHORITY.130 APPROVAL AND EFFECTIVE

More information

IMPLEMENTATION DETAILS

IMPLEMENTATION DETAILS Plicy: Title: Status: 1. Intrductin ISP-I10 Payment Card Security Apprved Infrmatin Security Plicy Dcumentatin IMPLEMENTATION DETAILS 1.1. This dcument supprts implementatin f the "Payment Card Industry

More information

FAYETTEVILLE STATE UNIVERSITY

FAYETTEVILLE STATE UNIVERSITY FAYETTEVILLE STATE UNIVERSITY IDENTITY THEFT PREVENTION (RED FLAGS RULE) Authrity: Categry: Issued by the Fayetteville State University Bard f Trustees. University-Wide Applies t: Administratrs Faculty

More information

Information Services Hosting Arrangements

Information Services Hosting Arrangements Infrmatin Services Hsting Arrangements Purpse The purpse f this service is t prvide secure, supprted, and reasnably accessible cmputing envirnments fr departments at DePaul that are in need f server-based

More information

BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS

BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS SERIES: 1 General Rules RULE: 17.1 Recrd Retentin Scpe: The purpse f this rule is t establish the systematic review, retentin and destructin

More information

expertise hp services valupack consulting description security review service for Linux

expertise hp services valupack consulting description security review service for Linux expertise hp services valupack cnsulting descriptin security review service fr Linux Cpyright services prvided, infrmatin is prtected under cpyright by Hewlett-Packard Cmpany Unpublished Wrk -- ALL RIGHTS

More information

FINANCIAL OPTIONS. 2. For non-insured patients, payment is due on the day of service.

FINANCIAL OPTIONS. 2. For non-insured patients, payment is due on the day of service. FINANCIAL OPTIONS 1. Fr thse patients wh carry dental insurance, all c-payments are due n date f service. We will file yur claim as a service t yu, and will d ur very best t maximize yur benefits. We accept

More information

Key Steps for Organizations in Responding to Privacy Breaches

Key Steps for Organizations in Responding to Privacy Breaches Key Steps fr Organizatins in Respnding t Privacy Breaches Purpse The purpse f this dcument is t prvide guidance t private sectr rganizatins, bth small and large, when a privacy breach ccurs. Organizatins

More information

Unified Infrastructure/Organization Computer System/Software Use Policy

Unified Infrastructure/Organization Computer System/Software Use Policy Unified Infrastructure/Organizatin Cmputer System/Sftware Use Plicy 1. Statement f Respnsibility All emplyees are charged with the security and integrity f the cmputer system. Emplyees are asked t help

More information

Project Startup Report Presented to the IT Committee June 26, 2012

Project Startup Report Presented to the IT Committee June 26, 2012 Prject Name: SOS File 2.0 Agency: Secretary f State Business Unit/Prgram Area: Secretary f State Prject Spnsr: Al Jaeger Prject Manager: Beverly Maitland Prject Startup Reprt Presented t the IT Cmmittee

More information

Personal Data Security Breach Management Policy

Personal Data Security Breach Management Policy Persnal Data Security Breach Management Plicy 1.0 Purpse The Data Prtectin Acts 1988 and 2003 impse bligatins n data cntrllers in Western Care Assciatin t prcess persnal data entrusted t them in a manner

More information

Data Protection Act Data security breach management

Data Protection Act Data security breach management Data Prtectin Act Data security breach management The seventh data prtectin principle requires that rganisatins prcessing persnal data take apprpriate measures against unauthrised r unlawful prcessing

More information

Norwood Public Schools Internet & Cell Phone Use Agreement School Year 2015-16

Norwood Public Schools Internet & Cell Phone Use Agreement School Year 2015-16 Yu must read and agree t fllw the netwrk rules belw t use yur netwrk accunt r access the internet. Nrwd Public Schls makes available t students access t cmputers and the Internet. Students are expected

More information

We will record and prepare documents based off the information presented

We will record and prepare documents based off the information presented Dear Client: We appreciate the pprtunity f wrking with yu regarding yur Payrll needs. T ensure a cmplete understanding between us, we are setting frth the pertinent infrmatin abut the services that we

More information

RECONCILIATION OF FUNDS

RECONCILIATION OF FUNDS RECONCILIATION OF FUNDS ROLES Departmental Staff f Interest Accuntants Office Managers Business Managers Prgram Assistants OVERVIEW S why d we need t recncile? Gd general business practices determine that

More information

Request for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply

Request for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply Sectin 1 General Infrmatin RFR Number: (Reference BPO Number) Functinal Area (Enter One Only) F50B3400026 7 Infrmatin System Security Labr Categry A single supprt resurce may be engaged fr a perid nt t

More information

Merchant Processes and Procedures

Merchant Processes and Procedures Merchant Prcesses and Prcedures Table f Cntents EXHIBIT C 1. MERCHANT INTRODUCTION TO T-CHEK 3 1.1 Wh is T-Chek Systems? 3 1.2 Hw t Cntact T-Chek Systems 3 1.3 Hw t Recgnize T-Chek Frms f Payment 3 1.3.1

More information

Agency Fund (Non-Student Org X-Fund) Guidelines Last Revision: 12/7/2009

Agency Fund (Non-Student Org X-Fund) Guidelines Last Revision: 12/7/2009 Agency Fund (Nn-Student Org X-Fund) Guidelines Last Revisin: 12/7/2009 Definitin f Agency Fund: An Agency Fund cnsists f funds held by Eastern Michigan University as custdian r fiscal agent fr thers, such

More information

P CARD College of Health and Rehabilitation Sciences: Sargent Internal Policy

P CARD College of Health and Rehabilitation Sciences: Sargent Internal Policy P CARD Cllege f Health and Rehabilitatin Sciences: Sargent Internal Plicy All purchasing card hlders must read the Purchasing Card Prgram Manual (P Card Manual) and cnfirm upn ding s via email t the SAM

More information

HIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions 724-942-1337

HIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions 724-942-1337 HIPAA Cmpliance 101 Imprtant Terms Cvered Entities (CAs) The HIPAA Privacy Rule refers t three specific grups as cvered entities, including health plans, healthcare clearinghuses, and health care prviders

More information

iphone Mobile Application Guide Version 2.2.2

iphone Mobile Application Guide Version 2.2.2 iphne Mbile Applicatin Guide Versin 2.2.2 March 26, 2014 Fr the latest update, please visit ur website: www.frte.net/mbile Frte Payment Systems, Inc. 500 West Bethany, Suite 200 Allen, Texas 75013 (800)

More information

Electronic Signatures Overview

Electronic Signatures Overview White Paper Electrnic Signatures Overview Versin 1.0 Last Updated: 20-09-2010 www.sutisft.cm Histry f Electrnic Signatures Over 100 years ag, peple were using Mrse cde and the telegraph t electrnically

More information

IN-HOUSE OR OUTSOURCED BILLING

IN-HOUSE OR OUTSOURCED BILLING IN-HOUSE OR OUTSOURCED BILLING Medical billing is ne f the mst cmplicated aspects f running a medical practice. With thusands f pssible cdes fr diagnses and prcedures, and multiple payers, the ability

More information

NAIC Replacement Requirements For Certain Life Insurance Policies And Annuity Contracts

NAIC Replacement Requirements For Certain Life Insurance Policies And Annuity Contracts NAIC Replacement Requirements Fr Certain Life Insurance Plicies And Annuity Cntracts Duties f Prducers If a transactin invlves a replacement, the prducer must leave with the applicant, at the time an applicatin

More information

Post-Baccalaureate Certificate Programs

Post-Baccalaureate Certificate Programs Pst-Baccalaureate Certificate Prgrams Certificate prgrams benefit students and/r interest by prviding greater flexibility and brader training in areas related t the students' majr fields and making thse

More information

HIPAA Notice of Privacy Practices. Central Ohio Surgical Associates, Inc.

HIPAA Notice of Privacy Practices. Central Ohio Surgical Associates, Inc. HIPAA Ntice f Privacy Practices Central Ohi Surgical Assciates, Inc. THIS NOTICE OF PRIVACY PRACTICES (THE NOTICE ) DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN

More information

Cyber Security: Simulation Platform

Cyber Security: Simulation Platform Service Overview The Symantec Cyber Security: Simulatin Platfrm is a Web hsted Service with immersive and hands-n access t cyber exercises fr ffensive (red team) events, inspired by real-life security

More information

Research Report. Abstract: The Emerging Intersection Between Big Data and Security Analytics. November 2012

Research Report. Abstract: The Emerging Intersection Between Big Data and Security Analytics. November 2012 Research Reprt Abstract: The Emerging Intersectin Between Big Data and Security Analytics By Jn Oltsik, Senir Principal Analyst With Jennifer Gahm Nvember 2012 2012 by The Enterprise Strategy Grup, Inc.

More information

SaaS Listing CA Cloud Service Management

SaaS Listing CA Cloud Service Management SaaS Listing CA Clud Service Management 1. Intrductin This dcument prvides standards and features that apply t the CA Clud Service Management (CSM) SaaS ffering prvided t the Custmer and defines the parameters

More information

Privacy Policy. The Central Equity Group understands how highly people value the protection of their privacy.

Privacy Policy. The Central Equity Group understands how highly people value the protection of their privacy. Privacy Plicy The Central Equity Grup understands hw highly peple value the prtectin f their privacy. Fr that reasn, the Central Equity Grup takes particular care in dealing with any persnal and sensitive

More information

Point2 Property Manager Quick Setup Guide

Point2 Property Manager Quick Setup Guide Click the Setup Tab Mst f what yu need t get started using Pint 2 Prperty Manager has already been taken care f fr yu. T begin setting up yur data in Pint2 Prperty Manager, make sure yu have cmpleted the

More information

IT Help Desk Service Level Expectations Revised: 01/09/2012

IT Help Desk Service Level Expectations Revised: 01/09/2012 IT Help Desk Service Level Expectatins Revised: 01/09/2012 Overview The IT Help Desk team cnsists f six (6) full time emplyees and fifteen (15) part time student emplyees. This team prvides supprt fr 25,000+

More information

Wire Transfer Request

Wire Transfer Request Wire Transfer Request Requirements and Instructins OFFICE OF DISBURSEMENTS Categry: Dcument Name: Payment Prcessing Wire Transfer Request - Requirements and Instructins Respnsible Department: Office f

More information

State Fleet Card Oversight Usage and Responsibilities

State Fleet Card Oversight Usage and Responsibilities State Fleet Card Oversight Usage and Respnsibilities Intrductin The Department f General Services (DGS), Office f Fleet and Asset Management (OFAM) administers a statewide ne-prvider payment system cntract

More information

TITLE: RECORDS AND INFORMATION MANAGEMENT POLICY

TITLE: RECORDS AND INFORMATION MANAGEMENT POLICY TITLE: RECORDS AND INFORMATION MANAGEMENT POLICY REFERENCE NUMBER: 14/103368 RESPONSIBLE DEPARTMENT: Crprate Services APPLICABLE LEGISLATION: State Recrds Act 1997 Lcal Gvernment Act 1999 Crpratins Act

More information

Multi-Year Accessibility Policy and Plan for NSF Canada and NSF International Strategic Registrations Canada Company, 2014-2021

Multi-Year Accessibility Policy and Plan for NSF Canada and NSF International Strategic Registrations Canada Company, 2014-2021 Multi-Year Accessibility Plicy and Plan fr NSF Canada and NSF Internatinal Strategic Registratins Canada Cmpany, 2014-2021 This 2014-21 accessibility plan utlines the plicies and actins that NSF Canada

More information

WHAT YOU NEED TO KNOW ABOUT. Protecting your Privacy

WHAT YOU NEED TO KNOW ABOUT. Protecting your Privacy WHAT YOU NEED TO KNOW ABOUT Prtecting yur Privacy YOUR PRIVACY IS OUR PRIORITY Credit unins have a histry f respecting the privacy f ur members and custmers. Yur Bard f Directrs has adpted the Credit Unin

More information

Skrill Merchant Services Application Form

Skrill Merchant Services Application Form Skrill Merchant Services Applicatin Frm Skrill Merchant Services Applicatin Frm (the Applicatin ) shuld be signed by r n behalf f the Merchant. It is very imprtant that the Merchant has read the Applicatin

More information

Skrill Merchant Services Application Form

Skrill Merchant Services Application Form Skrill Merchant Services Applicatin Frm Skrill Merchant Services Applicatin Frm (the Applicatin ) shuld be signed by r n behalf f the Merchant. It is very imprtant that the Merchant has read the Applicatin

More information

Plus500CY Ltd. Statement on Privacy and Cookie Policy

Plus500CY Ltd. Statement on Privacy and Cookie Policy Plus500CY Ltd. Statement n Privacy and Ckie Plicy Statement n Privacy and Ckie Plicy This website is perated by Plus500CY Ltd. ("we, us r ur"). It is ur plicy t respect the cnfidentiality f infrmatin and

More information

State Bank Virtual Card FAQs

State Bank Virtual Card FAQs State Bank Virtual Card FAQs 1) What is State Bank Virtual Card? State Bank Virtual Card is a limit Debit card, which can be created using the State Bank Internet Banking facility fr ecmmerce (nline) transactins.

More information

Payment Card Industry (PCI) Qualified Integrators and Resellers

Payment Card Industry (PCI) Qualified Integrators and Resellers Payment Card Industry (PCI) Qualified Integratrs and Resellers Prgram Guide Versin 3.0 September 2015 Dcument Changes Date Versin Descriptin August 2012 1.0 Initial release f the PCI Qualified Integratrs

More information

Licensing Windows Server 2012 for use with virtualization technologies

Licensing Windows Server 2012 for use with virtualization technologies Vlume Licensing brief Licensing Windws Server 2012 fr use with virtualizatin technlgies (VMware ESX/ESXi, Micrsft System Center 2012 Virtual Machine Manager, and Parallels Virtuzz) Table f Cntents This

More information

2. Are there any restrictions on when the work can be performed (e.g. only at night, only during business hours, only on weekends)? No.

2. Are there any restrictions on when the work can be performed (e.g. only at night, only during business hours, only on weekends)? No. HIPAA Technical Risk Security Assessment 1. Will yu be issuing additinal directins fr the frmatting f the final prpsal due Nvember 21 st? There is nt specific frmatting requirements, just submit the prpsal

More information

Volume THURSTON COUNTY CLERK S OFFICE. e-file SECURE FTP Site (January 2011) User Guide

Volume THURSTON COUNTY CLERK S OFFICE. e-file SECURE FTP Site (January 2011) User Guide Vlume 1 THURSTON COUNTY CLERK S OFFICE e-file SECURE FTP Site (January 2011) User Guide Table f Cntents C H A P T E R 1 FTP e-filing SERVICE 1 Dcument Requirements 1 Scanners 2 File naming cnventin 2 e-file

More information

IT Account and Access Procedure

IT Account and Access Procedure IT Accunt and Access Prcedure Revisin Histry Versin Date Editr Nature f Change 1.0 3/23/06 Kelly Matt Initial Release Table f Cntents 1.0 Overview... 1 2.0 Purpse... 1 3.0 Scpe... 1 4.0 Passwrds... 1 4.1

More information

Supersedes: DPS Policy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 of 5

Supersedes: DPS Policy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 of 5 Plicy: 13.01 SUBJECT: INTERNET USAGE Supersedes: DPS Plicy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 f 5 1.0 POLICY PURPOSE Detrit Public Schls (DPS) Internet

More information

Service Request Form

Service Request Form New Prfessinal Services Order Frm Editable PDF Service Request Frm If yu have any questins while filling ut this frm, please cntact yur CDM, email Prfessinal Services at PS@swipeclck.cm, r call 888-223-3250

More information

Licensing Windows Server 2012 R2 for use with virtualization technologies

Licensing Windows Server 2012 R2 for use with virtualization technologies Vlume Licensing brief Licensing Windws Server 2012 R2 fr use with virtualizatin technlgies (VMware ESX/ESXi, Micrsft System Center 2012 R2 Virtual Machine Manager, and Parallels Virtuzz) Table f Cntents

More information

Cloud-based File Sharing: Privacy and Security Tutorial Institutional Compliance Office July 2013

Cloud-based File Sharing: Privacy and Security Tutorial Institutional Compliance Office July 2013 Clud-based File Sharing: Privacy and Security Tutrial Institutinal Cmpliance Office July 2013 Patient Data in the Clud Prtecting patient privacy is ne f MD Andersn s greatest respnsibilities Technlgies

More information

HP Point of Sale FAQ Warranty, Care Pack Service & Support. Limited warranty... 2 HP Care Pack Services... 3 Support... 3

HP Point of Sale FAQ Warranty, Care Pack Service & Support. Limited warranty... 2 HP Care Pack Services... 3 Support... 3 HP Pint f Sale FAQ Warranty, Care Pack Service & Supprt Limited warranty... 2 HP Care Pack Services... 3 Supprt... 3 Limited warranty Q: What des a 3/3/3 limited warranty mean? A: HP Retail Pint f Sale

More information

CMS Eligibility Requirements Checklist for MSSP ACO Participation

CMS Eligibility Requirements Checklist for MSSP ACO Participation ATTACHMENT 1 CMS Eligibility Requirements Checklist fr MSSP ACO Participatin 1. General Eligibility Requirements ACO participants wrk tgether t manage and crdinate care fr Medicare fee-fr-service beneficiaries.

More information

Using PayPal Website Payments Pro UK with ProductCart

Using PayPal Website Payments Pro UK with ProductCart Using PayPal Website Payments Pr UK with PrductCart Overview... 2 Abut PayPal Website Payments Pr & Express Checkut... 2 What is Website Payments Pr?... 2 Website Payments Pr and Website Payments Standard...

More information

Heythrop College Disciplinary Procedure for Support Staff

Heythrop College Disciplinary Procedure for Support Staff Heythrp Cllege Disciplinary Prcedure fr Supprt Staff Intrductin 1. This prcedural dcument des nt apply t thse academic-related staff wh are mentined in the Cllege s Ordinance, namely the Librarian and

More information

Office Use Only Account # Approved By:

Office Use Only Account # Approved By: Office Use Only Accunt # Apprved By: Dealer Applicatin Please cmplete and submit this applicatin alng with a cpy f yur (EIN) Federal Tax Id Number certificate befre placing yur 1 st rder. We will review

More information

ES PROCEDURES FOR OVERPAYMENT RECOVERY

ES PROCEDURES FOR OVERPAYMENT RECOVERY ES PROCEDURES FOR OVERPAYMENT RECOVERY Effective: 7/1/2012 Respnsible Office: Emplyee Services (ES) Apprved: ES Directr Applicatin: All Emplyees f the University f Clrad Plicy The University f Clrad will

More information

To Receive CPE Credit

To Receive CPE Credit Trends in ACH Fraud & Risk Management Jhn A. Mills, AAP Supervising Cnsultant jmills@bkd.cm 314.231.5544 March 28, 2013 T Receive CPE Credit Participate in entire webinar Answer plls when they are prvided

More information

Software and Hardware Change Management Policy for CDes Computer Labs

Software and Hardware Change Management Policy for CDes Computer Labs Sftware and Hardware Change Management Plicy fr CDes Cmputer Labs Overview The cmputer labs in the Cllege f Design are clsely integrated with the academic needs f faculty and students. Cmputer lab resurces

More information

FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT

FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT If using US Pstal Service, please return t: Califrnia Student Aid Cmmissin Prgram Administratin & Services Divisin ATTN: Institutinal Supprt P.O. Bx 419028

More information

THIRD PARTY PROCUREMENT PROCEDURES

THIRD PARTY PROCUREMENT PROCEDURES ADDENDUM #1 THIRD PARTY PROCUREMENT PROCEDURES NORTH CENTRAL TEXAS COUNCIL OF GOVERNMENTS TRANSPORTATION DEPARTMENT JUNE 2011 OVERVIEW These prcedures establish standards and guidelines fr the Nrth Central

More information

Christchurch Polytechnic Institute of Technology Access Control Security Standard

Christchurch Polytechnic Institute of Technology Access Control Security Standard CPIT Crprate Services Divisin: ICT Christchurch Plytechnic Institute f Technlgy Access Cntrl Security Standard Crprate Plicies & Prcedures Sectin 1: General Administratin Dcument CPP121a Principles Infrmatin

More information

How to put together a Workforce Development Fund (WDF) claim 2015/16

How to put together a Workforce Development Fund (WDF) claim 2015/16 Index Page 2 Hw t put tgether a Wrkfrce Develpment Fund (WDF) claim 2015/16 Intrductin What eligibility criteria d my establishment/s need t meet? Natinal Minimum Data Set fr Scial Care (NMDS-SC) and WDF

More information

Licensing the Core Client Access License (CAL) Suite and Enterprise CAL Suite

Licensing the Core Client Access License (CAL) Suite and Enterprise CAL Suite Vlume Licensing brief Licensing the Cre Client Access License (CAL) Suite and Enterprise CAL Suite Table f Cntents This brief applies t all Micrsft Vlume Licensing prgrams. Summary... 1 What s New in This

More information

Project Open Hand Atlanta. Health Insurance Portability and Accountability Act (HIPAA) NOTICE OF PRIVACY PRACTICES

Project Open Hand Atlanta. Health Insurance Portability and Accountability Act (HIPAA) NOTICE OF PRIVACY PRACTICES Prject Open Hand Atlanta Effective Date: April 14, 2003 Health Insurance Prtability and Accuntability Act (HIPAA) The Health Insurance Prtability and Accuntability Act f 1996 (HIPAA) directs health care

More information

Convenience Fees BEST PRACTICES FOR MERCHANT USE OF CONVENIENCE FEES:

Convenience Fees BEST PRACTICES FOR MERCHANT USE OF CONVENIENCE FEES: Cnvenience Fees This publicatin includes Card Acceptance Guide language n Best Practices fr Merchant Use f Cnvenience Fees in additin t addressing specific differences by card brand and special circumstances

More information

Internal Audit Charter and operating standards

Internal Audit Charter and operating standards Internal Audit Charter and perating standards 2 1 verview This dcument sets ut the basis fr internal audit: (i) the Internal Audit charter, which establishes the framewrk fr Internal Audit; and (ii) hw

More information

Retail Security and Compliance Where On Earth is it Headed?

Retail Security and Compliance Where On Earth is it Headed? Retail Security and Cmpliance Where On Earth is it Headed? An verview f the retail sectr s IT threats and hw t be mre effective in preventing them. Agenda Intrductin Retail in the news Why cyber security

More information

FINRA Regulation Filing Application Batch Submissions

FINRA Regulation Filing Application Batch Submissions FINRA Regulatin Filing Applicatin Batch Submissins Cntents Descriptin... 2 Steps fr firms new t batch submissin... 2 Acquiring necessary FINRA accunts... 2 FTP Access t FINRA... 2 FTP Accunt n FINRA s

More information

ARMY Auto-Debit Setup Using MX830

ARMY Auto-Debit Setup Using MX830 Tpic Dc - ARMY Aut-Debit Setup Using MX830 Updated July 2012 SYSTEM SETUP CHECKLIST: (See details belw) 1. Upgrade t 10.1s r Greater and Lad Patch Files sa0445x and sa0399 2. Obtain Lcal/Regin Cmmand Apprval

More information

FREQUENTLY ASKED QUESTIONS ON THE EUCOMED ETHICAL BUSINESS LOGO

FREQUENTLY ASKED QUESTIONS ON THE EUCOMED ETHICAL BUSINESS LOGO Rue Jseph II, 40 www.eucmed.rg FREQUENTLY ASKED QUESTIONS ON THE EUCOMED ETHICAL BUSINESS LOGO Q1: What is the Eucmed Ethical Business Lg? A1: The Ethical Business Lg is a Lg licensed by Eucmed, the Eurpean

More information

SITE APPLICATIONS USER GUIDE:

SITE APPLICATIONS USER GUIDE: SITE APPLICATIONS USER GUIDE: CPCONTROLLER, CCENGINE, SYNC, TPORT, CCTERMINAL Cpyright 2013 Triple E Technlgies. All rights reserved. Site Applicatins User Guide INTRODUCTION The applicatins described

More information

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004J Payment Card Industry (PCI) Patch Management (prpsed) 01.1 Purpse The purpse f the Patch

More information

Detroit Public Schools Policy 13.14 Page 1

Detroit Public Schools Policy 13.14 Page 1 Detrit Public Schls Plicy 13.14 Page 1 SUBJECT: Supersedes: STUDENT RECORD AND TRANSCRIPT PROCESSING Nne; New Plicy Effective: September 1, 2006 Page: 1 f 10 1.0 Purpse 2.0 Scpe This prcedure dcuments

More information

Installation Guide Marshal Reporting Console

Installation Guide Marshal Reporting Console Installatin Guide Installatin Guide Marshal Reprting Cnsle Cntents Intrductin 2 Supprted Installatin Types 2 Hardware Prerequisites 2 Sftware Prerequisites 3 Installatin Prcedures 3 Appendix: Enabling

More information

UBC Incident Response Plan V1.5

UBC Incident Response Plan V1.5 UBC Incident Respnse Plan V1.5 Cntents 1. Ratinale... 2 2. Objective... 2 3. Applicatin... 2 4. Reprting a Cmputer Security Incident... 2 5. Managing the Security Incident... 2 5.1. All Incidents... 2

More information

Dates Visa MasterCard Discover American Express. Acquirers, subprocessors. support EMV International ATM liability shift 2

Dates Visa MasterCard Discover American Express. Acquirers, subprocessors. support EMV International ATM liability shift 2 Netwrk Updates Summer 2015 We are cmmitted t wrking clsely with yu n achieving yur business gals. As a part f this cmmitment, we carefully mnitr Netwrk changes and summarize them fr yur cnvenience. Fllwing

More information

FCA US INFORMATION & COMMUNICATION TECHNOLOGY MANAGEMENT

FCA US INFORMATION & COMMUNICATION TECHNOLOGY MANAGEMENT EDI ROADMAP FCA US INFORMATION & COMMUNICATION TECHNOLOGY MANAGEMENT FCA US EDI Radmap Business Requirement All FCA suppliers and carriers are required t establish an Electrnic Data Interchange (EDI) cnnectin.

More information

Malpractice and Maladministration Policy

Malpractice and Maladministration Policy TR340 Malpractice and Maladministratin Plicy This plicy aims t: Define malpractice and maladministratin in the cntext f CIM/CAM studying members, Accredited study centres (ASCs), examinatin centres, invigilatrs

More information