PCI Data Security. Information Services & Cash Management. Contents
|
|
- Morris Bond
- 8 years ago
- Views:
Transcription
1 PCI Data Security Information Services & Cash Management This self-directed learning module contains information you are expected to know to protect yourself, our patients, and our guests. Target Audience: All Teammates Contents Instructions... 2 Learning Objectives... 2 Module Content... 3 Job Aid... 6 Posttest Page 1 of 11
2 Instructions: The material in this module is an introduction to important general information and procedures to ensure data security, a requirement of the Payment Card Industry Data Security Standards (PCI-DSS). After completing this module, contact your supervisor to obtain additional information specific to your department. Read this module. If you have any questions about the material, ask your supervisor. Complete the online posttest at the end of this module. If a printed version of the test is taken, you must provide the results to your supervisor upon completion. The Job Aid on page 6 is relevant to individuals that are involved in the receipt and handling of cardholder data and may be customized to fit your department and then used as a quick reference guide. Learning Objectives: When you finish this module, you will be able to: Understand the importance of data security Understand your responsibilities as they relate to data security Identify key elements of the data security program Describe ways that you can prevent unauthorized disclosure of data Explain why storing or copying data onto personal computers or unsecure removable media is prohibited Describe the steps necessary to report unauthorized disclosure of data Identify the policies and procedures associated with the data security program Page 2 of 11
3 The Payment Card Industry Data Security Standards (PCI-DSS) A set of regulations created to protect cardholder data from loss or misuse. CHS is required to adhere to PCI-DSS in order to accept payment cards. Payment cards include credit and debit cards. Cardholder data also known as Confidential Data includes: Primary Account Number (PAN) Expiration Date Cardholder Name Password, , address, and other personal Confidential Data PCI-DSS applies to all formats: paper (receipts, handwritten forms, billing statements, etc.), electronic and verbal. PAN EXPIRATION DATE PCI-DSS Goals & Requirements The goals and objectives of PCI-DSS are: 1. Build and maintain a secure network 2. Protect confidential data 3. Maintain a vulnerability management program 4. Implement strong access control measures 5. Regularly monitor and test networks 6. Maintain an information security policy The effectiveness of the controls associated with the above goals relies on everyone adhering to policies and procedures in order to ensure a secure cardholder data environment. Page 3 of 11
4 Sensitive Authorization Data PCI-DSS prohibits storage of sensitive authorization data, which includes: Track Data & PV/PIN block on magnetic strip CVV2/CVC2/CID on front or back of card Magnetic strip Places Where Confidential Data May Exist Most of us are accustomed to using credit and/or debit cards when pumping gas, buying groceries or while at the mall. Here at CHS, payment cards are an accepted payment method in various locations, including but not limited to: Carolinas Healthcare System Medical Group, System Billing Office or Central Billing Office Admitting, Registration, or Cashier Gift Shop, Cafeteria or Coffee Shop Pharmacy Clinics and Urgent Care Foundation Health Club or Fitness Center Rehab Facility Any department or service selling/renting medical equipment and supplies Common Types of Data Breaches The most common types of data breaches include, but are not limited to: Technology attacks - Hacking Lost or stolen equipment Laptops, USB drives Stolen or copied paper records Inadvertent disclosure Malicious insiders Page 4 of 11
5 How PCI-DSS Impacts You Whether you are directly involved with the receipt and handling of card payments, you are required to ensure a secure environment that promotes data security: Do not share your passwords with anyone. The CHS Support Center or Information Services will NEVER ask you for your password. Never use text, , or instant messaging to transmit Confidential Data. Never photocopy or scan credit card numbers that are written on paper or the actual cards themselves. (i.e. Scan to on Xerox machines, Click-on DMS, Hyland Onbase, etc.) Properly dispose of Confidential Data. Use the Asset Transfer and Disposal eform to engage Information Services in the proper disposal of electronic media, computer equipment, or credit card terminal equipment. Do not disable, uninstall or otherwise bypass security controls (e.g. antivirus, use someone else s user ID and password, connect to the Guest wireless network). Lock computer or log out when unattended and use lock-down kits or other appropriate anti-theft mechanisms to secure laptops or other portable devices. Prevent credit card terminals or credit card processing computers from physical access by unauthorized persons. Do not create spreadsheets or documents to store credit card numbers, or otherwise store any sensitive credit card information electronically on CHS equipment. Always be attentive to suspicious activity and report issues to the CHS Support Center at immediately if: o An unknown person wants to modify or install something on a credit card reader or Point-of-Sale (POS) unit. o You clicked on a suspicious link, pop-up window or opened a suspicious attachment. o Computer equipment, including credit processing equipment, is lost or stolen. o You have reason to believe someone may have your password. Report suspected or known breaches of confidential data to your Supervisor, Facility Privacy Director, CHS Corporate Privacy at or the Customer Care Line at Page 5 of 11
6 Attestation of Compliance All teammates are required to attest their compliance to proper confidential data handling security standards. Additionally, CHS must complete an Attestation of Compliance document annually as a declaration of our compliance status with the Payment Card Industry Data Security Standard (PCI DSS). JOB AID 1 Steps to secure the CHS data environment 1 Safe Handling of Cardholder Data When receiving and handling a payment card directly from a customer: o Check the name on the card with a photo I.D. o Compare the signature with the one on the back of the card. o Process immediately. o Shield the card from view of others. When receiving cardholder data by Phone: o Ensure the accuracy of cardholder information by asking the caller to repeat the card number back to you. o Never say the card number back to the customer. This practice ensures that no one will overhear this sensitive information. When receiving cardholder data by Fax: o Cardholder data may not be received by Fax unless the fax machine is located in a highly secured area restricted to teammates that are authorized to process payment card transactions. Cardholder data must NEVER be sent, accepted or solicited via , Instant Messaging or Text. If a patient or customer sends you an , Instant Message or Text containing cardholder data, reply to the sender WITHOUT including the original message and: o Notify the sender of acceptable methods of payment. o Notify the sender that the original message with cardholder data was deleted. o Do not print, forward, or retain the message in any format. Page 6 of 11
7 o Delete the message & empty the Trash/Deleted Items/Recycle Bin. When receiving cardholder data by Web Payment: o CHS teammates should only use approved web payment solutions (e.g. TrustVault). Teammates are responsible for verifying all web payment applications with their Manager. o CHS teammates should not create webpages that request or collect cardholder data. Process payment card transactions immediately when cardholder data is received: o Card swiped/entered into a dial-up swipe terminal. o Card swiped or entered into a POS terminal. o With the exception of virtual terminal solutions (e.g. TrustVault), cardholder data should NEVER be entered into a computer. Cardholder data may not be electronically stored on any device in any format including local hard drives, personal network drives, CD s, USB drives or any other local computing device. No electronic cardholder data storage is allowed outside of the approved applications and servers maintained by CHS Information Services. Cardholder data may not be photocopied, scanned, or photographed. Equipment and physical facilities must be properly secured: o Use of door locks after business hours. o Security cameras and alarms. o Proper issuance & collection of badge/key access. o Regular inspection of equipment (e.g. lock down kits, card readers, etc.) to detect tampering or substitution (e.g. addition of card skimmers to card readers, serial number changes, broken or different colored casing). Report any issues to your manager or a security officer IMMEDIATELY! Departments that use computer equipment or POS terminals to process card payments must ensure that: o Teammates use difficult to guess passwords that are at least 8 characters in length and include a combination of letters, numbers and special characters. Page 7 of 11
8 o Teammates issued a POS access card must protect the card from loss, and never share the card with others. o In the event of a lost or stolen POS access card, the employee must inform his/her manager immediately. o Any changes, repairs or replacement of equipment (including card readers) must be arranged and coordinated through Cash Management and facilitated by authorized Information Services personnel only. ALWAYS VERIFY! Cardholder data may not be written down. If a department has appropriate business justification to write down cardholder data, they must do so using a Credit Card Payment Form and follow these safety procedures: o Maintain a secured storage location for these forms. o Process the transaction as soon as possible but no later than ONE business day from the date received. o Credit Card Payment Forms that cannot be processed immediately must be properly locked inside of a secure storage compartment Storage may be a drawer, overhead bin, closet, etc. Storage MAY NOT be a portable lockable device such as a briefcase, cashbox, etc. Storage must not be labeled or marked so as to identify its contents. When cardholder data is present, the storage location must be locked at all times. The payment must be processed within ONE business day of being received. Only teammates who have completed this training module should have access to the storage. Properly dispose of the Credit Card Payment Form (e.g. cross-cut shredder or locked shred bin for 3 rd party disposal). Page 8 of 11
9 In the event of a suspected breach or loss of payment card data, teammates are obligated to notify the CHS Support Center at within 24 hours. Review the following CHS Policies: o IS.PHI Communications Environment Acceptable Use Policy o IS.PHI Information Services Security Policy o FIN PCI Data Security Standard Policy Page 9 of 11
10 Posttest Name: Date: Circle the correct answer. 1. CHS is required to comply with PCI-DSS because: a. CHS is a large organization b. CHS accepts payment cards c. CHS is not required to comply with PCI-DSS d. PCI-DSS is part of HIPAA 2. PCI-DSS only applies to Information Services since they maintain all of the CHS electronic systems a. True b. False 3. PCI-DSS only applies to CHS teammates that handle card payment transactions: a. True b. False 4. My responsibilities to protect confidential data include: a. Keeping my password secret b. Never using text, , or instant messaging to transmit confidential data c. Locking my computer or logging out when leaving it unattended d. All of the above 5. I can store cardholder data electronically as long as I: a. Properly dispose of it using an Asset Transfer and Disposal eform b. Encrypt the data and properly dispose of it using an Asset Transfer and Disposal eform c. Store it on my personal drive and password protect the file d. I am never allowed to store electronic cardholder data 6. I am responsible for reporting a suspected or known breach of confidential data. To report a suspected or known data breach I should: a. Contact my Supervisor b. Contact my Facility Privacy Director c. Contact the CHS Corporate Privacy Department d. Any of the above Page 10 of 11
11 7. PCI-DSS only applies to electronic confidential data: a. True b. False 8. If I accidentally click on a link from an unknown sender I should: a. Do nothing; my anti-virus software will protect my computer and confidential data b. Contact the CHS Support Center at c. Close my browser and restart my computer d. Follow the data breach reporting process 9. If an unknown person is tampering with a credit card device, I should: a. Do nothing and let them finish b. Report the incident to the CHS Support Center c. Call 911 immediately d. Either b or c 10. It is ok for me to replace credit card equipment without authorization and verification: a. True b. False 11. The following are signs that indicate a device has been tampered with: a. The device serial number has been changed b. The card reader is colored differently than normal c. A card skimmer has been added to the device d. All of the above 12. By clicking Yes below, I attest that I have read and understand the Information Services Security Policy, the CHS Communications Environment Acceptable Use Policy and the PCI Data Security Standard Policy: a. Yes b. No Page 11 of 11
Policy for Protecting Customer Data
Policy for Protecting Customer Data Store Name Store Owner/Manager Protecting our customer and employee information is very important to our store image and on-going business. We believe all of our employees
More information2.0 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS (PCI-DSS)
CSU, Chico Credit Card Handling Security Standard Effective Date: July 28, 2015 1.0 INTRODUCTION This standard provides guidance to ensure that credit card acceptance and ecommerce processes comply with
More informationPayment Cardholder Data Handling Procedures (required to accept any credit card payments)
Payment Cardholder Data Handling Procedures (required to accept any credit card payments) Introduction: The Procedures that follow will allow the University to be in compliance with the Payment Card Industry
More informationPrivacy and Security For Managers
Privacy and Security For Managers This self directed learning module contains information all CHS Teammates are expected to know in order to protect our patients, our guests, and ourselves. Target Audience:
More informationLSE PCI-DSS Cardholder Data Environments Information Security Policy
LSE PCI-DSS Cardholder Data Environments Information Security Policy Written By: Jethro Perkins, Information Security Manager Reviewed By: Ali Lindsley, PCI-DSS Project Manager Endorsed By: PCI DSS project
More informationPurpose: To comply with the Payment Card Industry Data Security Standards (PCI DSS)
Procedure Credit Card Handling and Security for Departments/Divisions and Elected/Appointed Offices Last Update: January 19, 2016 References: Credit Card Payments Policy Purpose: To comply with the Payment
More information2014 Core Training 1
2014 Core Training 1 Course Agenda Review of Key Privacy Laws/Regulations: Federal HIPAA/HITECH regulations State privacy laws Privacy & Security Policies & Procedures Huntsville Hospital Health System
More informationViterbo University Credit Card Processing & Data Security Procedures and Policy
The requirements for PCI-DSS compliance are quite numerous and at times extremely complicated due to their interdependent nature and scope. The University has deemed it necessary for those areas currently
More information6-8065 Payment Card Industry Compliance
0 0 0 Yosemite Community College District Policies and Administrative Procedures No. -0 Policy -0 Payment Card Industry Compliance Yosemite Community College District will comply with the Payment Card
More informationInformation Technology
Credit Card Handling Security Standards Overview Information Technology This document is intended to provide guidance to merchants (colleges, departments, organizations or individuals) regarding the processing
More informationInformation Security Policy
Information Security Policy Contents Version: 1 Contents... 1 Introduction... 2 Anti-Virus Software... 3 Media Classification... 4 Media Handling... 5 Media Retention... 6 Media Disposal... 7 Service Providers...
More informationPOLICY & PROCEDURE DOCUMENT NUMBER: 3.3101. DIVISION: Finance & Administration. TITLE: Policy & Procedures for Credit Card Merchants
POLICY & PROCEDURE DOCUMENT NUMBER: 3.3101 DIVISION: Finance & Administration TITLE: Policy & Procedures for Credit Card Merchants DATE: October 24, 2011 Authorized by: K. Ann Mead, VP for Finance & Administration
More informationEASTERN OKLAHOMA STATE COLLEGE ACCEPTING AND HANDLING CREDIT AND DEBIT CARD PAYMENTS POLICIES AND PROCEDURES
EASTERN OKLAHOMA STATE COLLEGE ACCEPTING AND HANDLING CREDIT AND DEBIT CARD PAYMENTS POLICIES AND PROCEDURES This document describes Eastern Oklahoma State College s policy and procedures for the proper
More informationPCI Training for Retail Jamboree Staff Volunteers. Securing Cardholder Data
PCI Training for Retail Jamboree Staff Volunteers Securing Cardholder Data Securing Cardholder Data Introduction This PowerPoint presentation is designed to educate Retail Jamboree Staff volunteers on
More informationCOLUMBUS STATE COMMUNITY COLLEGE POLICY AND PROCEDURES MANUAL
PAYMENT CARD INDUSTRY COMPLIANCE (PCI) Effective June 1, 2011 Page 1 of 6 (1) Definitions a. Payment Card Industry Data Security Standards (PCI-DSS): A set of standards established by the Payment Card
More informationCredit Card Handling Security Standards
Credit Card Handling Security Standards Overview This document is intended to provide guidance to merchants (colleges, departments, auxiliary organizations or individuals) regarding the processing of charges
More informationCREDIT CARD PROCESSING POLICY AND PROCEDURES
CREDIT CARD PROCESSING POLICY AND PROCEDURES Note: For purposes of this document, debit cards are treated the same as credit cards. Any reference to credit cards includes credit and debit card transactions.
More informationPHI- Protected Health Information
HIPAA Policy 2014 The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security of patients health information and grants certain rights to patients. Clarkson
More informationDartmouth College Merchant Credit Card Policy for Managers and Supervisors
Dartmouth College Merchant Credit Card Policy for Managers and Supervisors Mission Statement Dartmouth College requires all departments that process, store or transmit credit card data remain in compliance
More informationEAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy )
EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy ) Background Due to increased threat of identity theft, fraudulent credit card activity and other instances where cardholder
More informationStandards for Business Processes, Paper and Electronic Processing
Payment Card Acceptance Information and Procedure Guide (for publication on the Treasury Webpages) A companion guide to University policy 6120, Payment Card Acceptance Standards for Business Processes,
More informationSection 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015
Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect
More informationPayment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance Merchants with Only Imprint Machines or Only Standalone, Dial-out Terminals Electronic Cardholder
More informationTERMINAL CONTROL MEASURES
UCR Cashiering & Payment Card Services TERMINAL CONTROL MEASURES Instructions: Upon completion, please sign and return to cashandmerchant@ucr.edu when requesting a stand-alone dial up terminal. The University
More informationPCI Compliance Security Awareness Program For Marine Corps Community Services Contacts: Paul Watson
PCI Compliance Security Awareness Program For Marine Corps Community Services Contacts: Paul Watson Overview What is PCI? MCCS Compliance PCI DSS Technical Requirements MCCS Information Security Policies
More informationAppendix 1 Payment Card Industry Data Security Standards Program
Appendix 1 Payment Card Industry Data Security Standards Program PCI security standards are technical and operational requirements set by the Payment Card Industry Security Standards Council to protect
More informationOffice of Finance and Treasury
Office of Finance and Treasury How to Accept & Process Credit and Debit Card Transactions Procedure Related Policy Title Credit Card Processing Policy For University Merchant Locations Responsible Executive
More informationMcGill Merchant Manual
McGill Merchant Manual The McGill Merchant Manual is a complementary document to the Merchant (PCI) Policy and Procedures and serves to aid Merchants in ensuring their operations comply with Payment Card
More informationAndrews University Payment Card Acceptance Policies & Procedures. Prepared by Financial Administration
Andrews University Payment Card Acceptance Policies & Procedures Prepared by Financial Administration July 12, 2011 Part I: Introduction of Policy and Purpose Formatted: Font: 12 pt In order to protect
More informationPCI DSS Security Awareness Training for University of Tennessee Credit Card Merchants. UT System Administration Information Security Office
PCI DSS Security Awareness Training for University of Tennessee Credit Card Merchants UT System Administration Information Security Office Agenda Overview of PCI DSS Compliance versus Non-Compliance PCI
More informationCREDIT CARD POLICY DRAFT
APPROVED BY Ronald J. Paprocki I. Policy Statement Any office of the University that processes credit card transactions may do so only in the manner approved by the University Treasury Office and in compliance
More informationThis policy applies to all GPC units that process, transmit, or handle cardholder information in a physical or electronic format.
Policy Number: 339 Policy Title: Credit Card Processing Policy, Procedure, & Standards Review Date: 07-23-15 Approval Date: 07-27-15 POLICY: All individuals involved in handling credit and debit card transactions
More informationTREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS
TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS 1. Introduction Debit and Credit Card Receipt Standards apply to the administration
More informationDartmouth College Merchant Credit Card Policy for Processors
Mission Statement Dartmouth College Merchant Credit Card Policy for Processors Dartmouth College requires all departments that process, store or transmit credit card data remain in compliance with the
More informationMiami University. Payment Card Data Security Policy
Miami University Payment Card Data Security Policy IT Policy IT Standard IT Guideline IT Procedure IT Informative Issued by: IT Services SCOPE: This policy covers all units within Miami University that
More informationSECTION: SUBJECT: PCI-DSS General Guidelines and Procedures
1. Introduction 1.1. Purpose and Background 1.2. Central Coordinator Contact 1.3. Payment Card Industry Data Security Standards (PCI-DSS) High Level Overview 2. PCI-DSS Guidelines - Division of Responsibilities
More informationPCI Security Awareness for ECU Payment Card Merchants
PCI Security Awareness for ECU Payment Card Merchants Read this document carefully. Sign, date, and return the last page to your departmental PCI coordinator, who is required to store the documentation
More informationUniversity of San Francisco
University of San Francisco Acceptable Use Policy (AUP) & Agreement for POS Devices and PCI Network 1. Purpose University of San Francisco (USF) provides access to the PCI network for processing CASHNet
More informationHIPAA and You The Basics
HIPAA and You The Basics The Purpose of HIPAA Privacy Rules 1. Provide strong federal protections for privacy rights Ensure individual trust in the privacy and security of his or her health information
More informationPolicies and Procedures
Policies and Procedures Provided by PROGuard The following are policies and procedures which need to be enforced to ensure PCI DSS compliance. In order to answer yes to the questions and pass the SAQ,
More informationCal Poly PCI DSS Compliance Training and Information. Information Security http://security.calpoly.edu 1
Cal Poly PCI DSS Compliance Training and Information Information Security http://security.calpoly.edu 1 Training Objectives Understanding PCI DSS What is it? How to comply with requirements Appropriate
More informationSection 5 Identify Theft Red Flags and Address Discrepancy Procedures Index
Index Section 5.1 Purpose.... 2 Section 5.2 Definitions........2 Section 5.3 Validation Information.....2 Section 5.4 Procedures for Opening New Accounts....3 Section 5.5 Procedures for Existing Accounts...
More information3. Internet Credit Card Processing System generates a daily batch release report 4. Reporting Deposits to the University Depository
Internal Credit/Debit Card Processing Policies and Procedures for University of Tennessee Merchants Merchant: DBA Effective: Date Reviewed: Date Revised: Date 1. General Statement 2. Point-of-Sale Processing
More informationPCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:
What is PCI DSS? PCI DSS is an acronym for Payment Card Industry Data Security Standards. PCI DSS is a global initiative intent on securing credit and banking transactions by merchants & service providers
More informationHIPAA PRIVACY AND SECURITY AWARENESS. Covering Kids and Families of Indiana April 10, 2014
HIPAA PRIVACY AND SECURITY AWARENESS Covering Kids and Families of Indiana April 10, 2014 GOALS AND OBJECTIVES The goal is to provide information to you to promote personal responsibility and behaviors
More informationPCI Data Security and Classification Standards Summary
PCI Data Security and Classification Standards Summary Data security should be a key component of all system policies and practices related to payment acceptance and transaction processing. As customers
More informationROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY. Processing Electronic Card Payments
ROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY Processing Electronic Card Payments Introduction and Policy Aim The Payment Card Industry Data Security Standard (PCI-DSS) is a worldwide information
More informationHIPAA: Bigger and More Annoying
HIPAA: Bigger and More Annoying Instructor: Laney Kay, JD Contact information: 4640 Hunting Hound Lane Marietta, GA 30062 (770) 312-6257 (770) 998-9204 (fax) laney@laneykay.com www.laneykay.com OFFICIAL
More informationCredit Card Security
Credit Card Security Created 16 Apr 2014 Revised 16 Apr 2014 Reviewed 16 Apr 2014 Purpose This policy is intended to ensure customer personal information, particularly credit card information and primary
More informationHuddersfield New College Further Education Corporation
Huddersfield New College Further Education Corporation Card Payments Policy (including information security and refunds) 1.0 Policy Statement Huddersfield New College Finance Office handles sensitive cardholder
More informationHIPAA Privacy & Security Health Insurance Portability and Accountability Act
HIPAA Privacy & Security Health Insurance Portability and Accountability Act ASSOCIATE EDUCATION St. Elizabeth Medical Center Origin and Purpose of HIPAA In 2003, Congress enacted new rules that would
More informationSaint Louis University Merchant Card Processing Policy & Procedures
Saint Louis University Merchant Card Processing Policy & Procedures Overview: Policies and procedures for processing credit card transactions and properly storing credit card data physically and electronically.
More informationHIPAA Security Training Manual
HIPAA Security Training Manual The final HIPAA Security Rule for Montrose Memorial Hospital went into effect in February 2005. The Security Rule includes 3 categories of compliance; Administrative Safeguards,
More informationTarget Audience: All Non-Management CHS Employees, Students, Volunteers, and Physicians
This self-directed learning module contains information all CHS employees are expected to know in order to protect our patients protected health information. Target Audience: All Non-Management CHS Employees,
More informationUniversity Policy Accepting and Handling Payment Cards to Conduct University Business
BROWN UNIVERSITY University Policy Accepting and Handling Payment Cards to Conduct University Business Table of Contents Purpose... 2 Scope... 2 Authorization... 2 Establishing a new account... 2 Policy
More informationCREDIT CARD SECURITY POLICY PCI DSS 2.0
Responsible University Official: University Compliance Officer Responsible Office: Business Office Reviewed Date: 10/29/2012 CREDIT CARD SECURITY POLICY PCI DSS 2.0 Introduction and Scope Introduction
More informationHIPAA and Privacy Policy Training
HIPAA and Privacy Policy Training July 2015 1 This training addresses the requirements for maintaining the privacy of confidential information received from HFS and DHS (the Agencies). During this training
More informationPayment Card Industry (PCI) Policy Manual. Network and Computer Services
Payment Card Industry (PCI) Policy Manual Network and Computer Services Forward This policy manual outlines acceptable use Black Hills State University (BHSU) or University herein, Information Technology
More informationPayment Card Acceptance Administrative Policy
Administrative Procedure Approved By: Brandon Gilliland, Associate Vice President for Finance & Controller Effective Date: October 1, 2014 History: Approval Date: September 25, 2014 Revisions: Type: Administrative
More informationPCI Policies 2011. Appalachian State University
PCI Policies 2011 Appalachian State University Table of Contents Section 1: State and Contractual Requirements Governing Campus Credit Cards A. Cash Collection Point Approval for Departments B. State Requirements
More informationANNUAL SECURITY RESPONSIBILITY REVIEW
ANNUAL SECURITY RESPONSIBILITY REVIEW For Faculty and Staff Who Use Computers Minimally in their work May 2012 Training Topics What is Information Security? Review Security Vulnerabilities Phishing email
More informationAccepting Payment Cards and ecommerce Payments
Policy V. 4.1.1 Responsible Official: Vice President for Finance and Treasurer Effective Date: September 29, 2010 Accepting Payment Cards and ecommerce Payments Policy Statement The University of Vermont
More informationGRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY
GRINNELL COLLEGE CREDIT CARD PROCESSING AND SECURITY POLICY PURPOSE The Payment Card Industry Data Security Standard was established by the credit card industry in response to an increase in identify theft
More informationPayment Card Industry Data Security Standard PCI DSS
Payment Card Industry Data Security Standard PCI DSS What is PCI DSS? Requirements developed by the five card brands: VISA, Mastercard, AMEX, JCB and Discover. Their aim was to put together a common set
More informationCREDIT CARD MERCHANT POLICY. All campuses served by Louisiana State University (LSU) Office of Accounting Services
Louisiana State University Finance and Administrative Services Operating Procedure FASOP: AS-22 CREDIT CARD MERCHANT POLICY Scope: All campuses served by Louisiana State University (LSU) Office of Accounting
More informationHIPAA 101: Privacy and Security Basics
HIPAA 101: Privacy and Security Basics Purpose This document provides important information about Kaiser Permanente policies and state and federal laws for protecting the privacy and security of individually
More informationInformation Security Training 2012
Information Security Training 2012 Authored by: Gwinnett Medical Center Information Security Department Modified for affiliated schools students & instructors by: Linda Horst, RN, BSN, BC Objectives After
More informationINFORMATION SECURITY POLICY. Policy for Credit Card Acceptance to Conduct College Business
DELAWARE COLLEGE OF ART AND DESIGN 600 N MARKET ST WILMINGTON DELAWARE 19801 302.622.8000 INFORMATION SECURITY POLICY including Policy for Credit Card Acceptance to Conduct College Business stuff\policies\security_information_policy_with_credit_card_acceptance.doc
More informationCredit and Debit Card Handling Policy Updated October 1, 2014
Credit and Debit Card Handling Policy Updated October 1, 2014 City of Parkville 8880 Clark Ave. Parkville, MO 64152 Hours: 8:00-5:00 p.m. Monday -Friday Phone Number 816-741-7676 Email: cityhall@parkvillemo.gov
More informationWelcome to the Duke Medicine Credit Card PCI Education session.
Welcome to the Duke Medicine Credit Card PCI Education session. During this session, we will explain the Duke Medicine Credit Card PCI Policy and Procedure that has been implemented to ensure we are in
More informationHIPAA Privacy & Security Training for Clinicians
HIPAA Privacy & Security Training for Clinicians Agenda This training will cover the following information: Overview of Privacy Rule and Security Rules Using and disclosing Protected Health Information
More informationHang Seng HSBCnet Security. May 2016
Hang Seng HSBCnet Security May 2016 1 Security The Bank aims to provide you with a robust, reliable and secure online environment in which to do business. We seek to achieve this through the adoption of
More informationU.S. Department of the Interior's Federal Information Systems Security Awareness Online Course
U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course Rules of Behavior Before you print your certificate of completion, please read the following Rules of Behavior
More informationComputing Services Information Security Office. Security 101
Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification,
More informationGeneral Rules of Behavior for Users of DHS Systems and IT Resources that Access, Store, Receive, or Transmit Sensitive Information
General Rules of Behavior for Users of DHS Systems and IT Resources that Access, Store, Receive, or Transmit Sensitive Information The following rules of behavior apply to all Department of Homeland Security
More information8.03 Health Insurance Portability and Accountability Act (HIPAA)
Human Resource/Miscellaneous Page 1 of 5 8.03 Health Insurance Portability and Accountability Act (HIPAA) Policy: It is the policy of Licking/Knox Goodwill Industries, Inc., to maintain the privacy of
More informationPAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI) Affordable ~ Clean ~ Safe ~ Simple ~ Flexible
PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI) Affordable ~ Clean ~ Safe ~ Simple ~ Flexible 2 PCI Compliance What does PCI stand for? Payment Card Industry Data Security Standard Data Security Standards
More informationCITY OF SAN DIEGO ADMINISTRATIVE REGULATION Number 95.51 PAYMENT CARD INDUSTRY (PCI) COMPLIANCE POLICY. Page 1 of 9.
95.5 of 9. PURPOSE.. To establish a policy that outlines the requirements for compliance to the Payment Card Industry Data Security Standards (PCI-DSS). Compliance with this standard is a condition of
More informationHow To Complete A Pci Ds Self Assessment Questionnaire
Department PCI Self-Assessment Questionnaire Version 1.1 2009 Attestation of Compliance Instructions for Submission This Department PCI Self-Assessment Questionnaire has been developed as an assessment
More informationInformation Security
Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff
More informationHIPAA and Health Information Privacy and Security
HIPAA and Health Information Privacy and Security Revised 7/2014 What Is HIPAA? H Health I Insurance P Portability & A Accountability A - Act HIPAA Privacy and Security Rules were passed to protect patient
More informationAdvanced HIPAA Security Training Module
Advanced HIPAA Security Training Module The Security of Electronic Information Copyright 2008 The Regents of the University of California All Rights Reserved The Regents of the University of California
More informationUniversity of Virginia Credit Card Requirements
University of Virginia Credit Card Requirements The University of Virginia recognizes that e-commerce is critical for the efficient operation of the University, and in particular for collecting revenue.
More informationInformation Security Manager Training
Information Security Manager Training Kent Swagler CCEP Director, Corporate Compliance Direct line (314) 923-3097 Cell (314) 575-8334 kswagler@metrostlouis.org Information Security Manager Training Overview
More informationGuadalupe Regional Medical Center
Guadalupe Regional Medical Center Health Insurance Portability & Accountability Act (HIPAA) By Debby Hernandez, Compliance/HIPAA Officer HIPAA Privacy & Security Training Module 1 This module will address
More informationAnnual HIPAA Security & Information Security Competency
Annual HIPAA Security & Information Security Competency 1 General Information FISO- What is a FISO? Facility Information Security Officer Responsible for the physical protection and recovery of all electronic
More informationCREDIT CARD NUMBER HANDLING PROCEDURES POLICY. 2014 October
CREDIT CARD NUMBER HANDLING PROCEDURES POLICY 2014 October Royal Roads University Page 1 of 6 21 October 2014 Table of Contents Policy Statement... 3 Rationale... 3 Applicability of the Policy... 3 Definitions...
More informationGuide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR
Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR Information and Resources for Small Medical Offices Introduction The Personal Health Information Protection Act, 2004 (PHIPA) is Ontario s health-specific
More informationSELF-LEARNING MODULE (SLM) 2012 HIPAA Education Privacy Basics and Intermediate Modules
SELF-LEARNING MODULE (SLM) 2012 HIPAA Education Privacy Basics and Intermediate Modules Page 2 Index Privacy 101 and Intermediate Privacy Self-Learning Module 2012 HIPAA Education 3 Instructions Index
More informationUniversity of York Policy on the Management of Debit/ Credit Card Data
University of York Policy on the Management of Debit/ Credit Card Data Version 1.0 25th February 2015 Index 1 Introduction and Policy Statement 1.1 The Payment Card Industry Data Security Standard (PCI
More informationAppendix 1 - Credit Card Security Incident Response Plan
Appendix 1 - Credit Card Security Incident Response Plan 1 Contents Revisions/Approvals... i Purpose... 2 Scope/Applicability... 2 Authority... 2 Security Incident Response Team... 2 Procedures... 3 Incident
More informationPrivacy & Security Standards to Protect Patient Information
Privacy & Security Standards to Protect Patient Information Health Insurance Portability & Accountability Act (HIPAA) 12/16/10 Topics An An Introduction to to HIPAA HIPAA Patient Rights Rights Routine
More informationHIPAA Privacy & Security Rules
HIPAA Privacy & Security Rules HITECH Act Applicability If you are part of any of the HIPAA Affected Areas, this training is required under the IU HIPAA Privacy and Security Compliance Plan pursuant to
More informationSecure Storage, Communication & Transportation of Personal Information Policy Disclaimer:
Secure Storage, Communication & Transportation of Personal Information Policy Version No: 3.0 Prepared By: Information Governance, IT Security & Health Records Effective From: 20/12/2010 Review Date: 20/12/2011
More informationIdentity Theft Prevention Program Compliance Model
September 29, 2008 State Rural Water Association Identity Theft Prevention Program Compliance Model Contact your State Rural Water Association www.nrwa.org Ed Thomas, Senior Environmental Engineer All
More informationBest safe and secure practices
Best safe and secure practices For cards transactions BANKOMAT DEF 3 MNO 6 CLEAR - CANCEL x WXY 9 ENTER O BANKOMAT Maintaining the card and PIN number Using a card is highly valuable and provides opportunities
More information