VCU Payment Card Policy
|
|
- Lawrence Harrington
- 8 years ago
- Views:
Transcription
1 VCU Payment Card Plicy Plicy Type: Administrative Respnsible Office: Treasury Services Initial Plicy Apprved: 12/05/2013 Current Revisin Apprved: 12/05/2013 Plicy Statement and Purpse The purpse f this plicy is t help ensure that VCU is (1), being a gd steward f persnal cardhlder infrmatin entrusted t it by its students, parents, dnrs, alumni, custmers and any individual r entity that utilizes a credit card t transact business with the university, (2), cmplying with the Payment Card Industry Data Security Standards (PCI DSS) and (3), striving t prevent unauthrized and inapprpriate use f cardhlders' infrmatin. VCU is cmmitted t cmplying with the PCI DSS by ensuring the secure handling f payment card infrmatin. All university merchants accepting payment cards are required t cmply with the PCI DSS and this plicy fr accepting and handling payment card transactins. Treasury Services and Technlgy Services have been assigned respnsibility fr assessing, determining, and mnitring cmpliance with these standards. As a result, respnsibility fr determining hw t apply these standards and fr assessing deficiencies is shared amng these named areas. Treasury Services will prvide directin and assistance n business prcesses related t card peratins and Technlgy Services will prvide directin and assist with technical implementatin and security issues. Nncmpliance with this plicy may result in disciplinary actin up t and including terminatin. VCU supprts an envirnment free frm retaliatin. Retaliatin against any emplyee wh brings frth a gd faith cncern, asks a clarifying questin, r participates in an investigatin is prhibited. Table f Cntents Wh Shuld Knw This Plicy 2 Definitins 2 Cntacts 2 Prcedures 3 Frms 5 Related Dcuments 5 Revisin Histry 5 FAQs 6 VCU Payment Card Plicy Apprved: 12/05/2013
2 Wh Shuld Knw This Plicy VCU faculty, staff, students, cntractrs and third party vendrs that cllect, maintain r have access t payment card infrmatin are respnsible fr knwing this plicy and familiarizing themselves with its cntents and prvisins. Definitins Apprved Scanning Vendr An Apprved Scanning Vendr (ASV) is an rganizatin that validates adherence t certain PCI-DSS requirements by perfrming vulnerability scans f Internet facing envirnments f merchants and service prviders. The PCI cuncil has apprved ver 130 ASVs. Cardhlder Data The Primary Accunt Number (PAN) alne r the PAN plus any f the fllwing: full magnetic stripe infrmatin, cardhlder name, service cde r expiratin date. Merchant Any entity that accepts payment cards as payment fr gds and/r services. Merchant Accunt A relatinship set up by Treasury Services thrugh the bank and a credit card prcessr in rder t prcess payment cards as payment fr gds r services rendered by the accunt hlder. The merchant accunt is tied t a Banner index t distribute funds apprpriately t the merchant (wner) fr which the accunt was set up. Payment Card Credit cards, debit cards r charge cards issued by a financial institutin. PCI-DSS Payment Card Industry Data Security Standard is a set f cmprehensive requirements fr enhancing payment card data security. Cmpliance with the PCI DSS helps t alleviate vulnerabilities that put cardhlder data at risk. Service Prvider Any cmpany that stres, prcesses r transmits cardhlder data n behalf f anther entity is defined t be a service Prvider by the Payment Card Industry (PCI) guidelines. Third Party Prcessr A cmpany that ffers Payment Card prcessing sftware and/r gateway services. All Third Party Prcessrs must be PCI DSS Cmpliant in rder fr a department t btain r maintain a merchant accunt. Cntacts Treasury Services and Technlgy Services are respnsible fr this plicy. Treasury Services is respnsible fr btaining apprval fr any revisins as required by the plicy Creating and Maintaining VCU Payment Card Plicy Apprved: 12/05/2013
3 Plicies and Prcedures thrugh the apprpriate gvernance structures. Please direct plicy questins t Treasury Services. Technical security questins shuld be directed t Technlgy Services. Prcedures University departments must request and receive apprval frm Treasury Services prir t accepting payment cards. Treasury Services will assist departments in establishing prcesses and apprpriate cntrls thrugh n-line training. *All university departments that prcess payment card transactins fr gds and services are deemed t be merchants under the PCI DSS*. Third party vendrs (prcessrs, sftware prviders, payment gateways, r ther gds r service prviders) wh accept credit card transactins n behalf f the University must cntractually agree t: (1) adhere t all applicable requirements in PCI DSS, (2) be liable fr the security f the cardhlder data, (3) ntify the University f any breaches r intrusins within 72 hurs f discvery, and (4) peridic infrmatin security reviews by the University. Detailed prcedural steps are prvided belw t ensure full cmpliance. 1. Cmpliance with PCI DSS Standards Departments accepting payment cards are expected t adhere t these standards which are updated peridically and t verify the cmpliance f third party service prviders. The standards can be summarized as fllws: Build and Maintain a Secure Netwrk Prtect Cardhlder data Maintain a Vulnerability Management Prgram Implement Strng Access Cntrl Measures Regularly Mnitr and Test Netwrks Maintain an Infrmatin Security Plicy The university prhibits electrnic strage f cardhlder data because f the additinal risks assciated with prtecting the stred data. Requirements apply t departments that cllect card infrmatin in any frmat fr prcessing. Paper recrds cntaining payment card infrmatin must be destryed in accrdance with the PCI DSS and Library f Virginia s Recrd Retentin Schedule. Departments shall agree t frward necessary system and netwrk lg infrmatin frm its payment card systems and assciated netwrk devices t security mnitring tls managed by Technlgy Services fr detectin and preventin f threats targeting these systems. Departments shall als agree t allw peridic security scans and testing f its payment card systems by bth Technlgy Services and selected Apprved Scanning Vendr. Further, if applicable, with guidance frm Treasury Services and Technlgy Services, departments are respnsible fr the cmpletin f an annual Self-Assessment Questinnaire (SAQ) as required by PCI DSS. 2. Payment Card Acceptance VCU Payment Card Plicy Apprved: 12/05/2013
4 Any entity that accepts payment cards as payment fr gds and/r services is a merchant. Once merchant accunts are enabled fr a department, the department has an nging respnsibility t understand security requirements, cmply with PCI DSS standards, and t maintain prper business practices as described further in varius prcedures and guidelines assciated with this plicy. Annually, individuals must be trained in the prper handling f payment card infrmatin and must cmplete the Respnsibilities f Credit Card Handlers and Prcessrs frm. Access t payment card data by university emplyees must be limited t thse individuals with a business need. Emplyees must have a unique lgin identificatin and passwrd t access cmputer systems r prgrams that cntain payment card infrmatin t ensure individual accuntability. Vendrsupplied defaults fr system passwrds and ther security parameters are nt t be used. Departments are respnsible fr paying all fees and ther csts assciated with accepting payment cards including equipment and technlgy csts, banking fees, and external security assessment fees as required by PCI DSS. 3. Use f Third Party Sftware Only University apprved cmpliant e-cmmerce applicatins may be used. Departments whse needs cannt be met due t the list f pre-apprved sftware applicatins that are PCI DSS cmpliant must request prir apprval frm Treasury Services and Technlgy Services befre cnsidering r acquiring third party slutins. Third party prcessrs must prvide prf f PCI DSS cmpliance n an annual basis t Treasury Services. 4. Secure Transmissins T ensure that prper business practices and security are maintained, nly secure and apprved prcesses are cnducted thrugh apprved web vendrs, analg telephne lines fr pint f sale terminals and/r PCI cmpliant IP credit card terminals. Any unapprved prcesses, including , are nt allwed t transmit r stre payment card infrmatin. 5. Security Breaches All knwn r suspected security breaches f cardhlder infrmatin must be reprted immediately t the department head, Treasury Services at and the Technlgy Services Infrmatin Security Office via the VCU Help Desk at Departments must cperate fully with any resulting investigatin. 6. Sanctins fr Nn-Cmpliance University departments that transact business using payment cards in a manner that deviates frm this plicy are subject t varius financial and ther sanctins. These may include terminatin f merchant accunts, financial penalties and csts assciated with a security breach, penalties and csts assciated with bringing a nn-cmpliant applicatin int cmpliance, and/r pssible disciplinary actin f the individual invlved up t and including terminatin f emplyment. VCU Payment Card Plicy Apprved: 12/05/2013
5 Frms 1. Respnsibilities f Credit Card Handlers ( 2. Request fr a New Merchant Accunt (Jessica has this frm, and it is nt a live URL yet, but she has given me the frm) Related Dcuments 1. Payment Card Industry Data Security Standard ( 2. Credit Card Merchant Accunts ( 3. University Cash Receipting Plicies and Prcedures ( 4. Infrmatin Security Plicy ( 5. Recrds Management ( 6. Cmputer and Netwrk Resurces Use Plicy ( Revisin Histry Nne New Plicy FAQs 1. T whm des PCI apply? PCI applies t all university departments that accept, transmit r stre any cardhlder data regardless f size r number f transactins. 2. Wh set the standards? The standards are set by the PCI Security Standards Cuncil. The PCI Cuncil was created in 2006 t align the separate security prgrams and standards f majr card prgrams; American Express, Discver Financial Services, JCB, MasterCard Wrldwide and VISA Internatinal. 3. What cnstitutes a payment applicatin? A payment applicatin is anything that stres, prcesses r transmits card data electrnically. This means that anything frm a Pint f Sale System (swipe terminals) t a web e-cmmerce site are VCU Payment Card Plicy Apprved: 12/05/2013
6 all classified as payment applicatins. Any piece f sftware that has been designed t tuch payment card data is cnsidered a payment applicatin. 4. What are the csts f nn-cmpliance with PCI DSS? The cst f nn-cmpliance will result primarily frm a security breach if cardhlder infrmatin is cmprmised. These csts may include: Ntifying affected cardhlders Paying fr credit mnitring fr the affected parties Paying fr unauthrized charges Implementing needed hardware r sftware upgrades t cmply with a higher level f security that wuld be required pst-breach Fines frm credit card cmpanies and PCI cuncil Litigatin frm cardhlders, vendrs r credit card cmpanies Unfavrable publicity Damage t VCU s reputatin Temprary r permanent lss f ability t prcess payment cards 5. Hw d payment card security breaches happen? Types f Breaches: Hacking int netwrked cmputers Lss f stlen PCs, Media Imprper dispsal f recrds (paper recrds nt shredded r prperly dispsed) Intentinal disclsure r fraud Unintentinal disclsure due t human errr Surces f Breaches: Imprper strage f data Insecure applicatins Inadequate netwrk security cntrls Unpatched systems and/r default cnfiguratin Insecure wireless access pints Use f default passwrds N intrusin mnitring Unsecured pint f sale technlgy Malicius Insider VCU Payment Card Plicy Apprved: 12/05/2013
University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments
University f Texas at Dallas Plicy fr Accepting Credit Card and Electrnic Payments Cntents: Purpse Applicability Plicy Statement Respnsibilities f a Merchant Department Prcess t Becme a Merchant Department
More informationProcess of Setting up a New Merchant Account
Prcess f Setting up a New Merchant Accunt Table f Cntents PCI DSS... 3 Wh t cntact?... 3 Bakcgrund n PCI... 3 Why cmply?... 3 Hw t cmply?... 3 PCI DSS Scpe... 4 Des PCI DSS Apply t Me?... 4 What if I am
More informationPCI - Why You Need to be Compliant When Accepting Credit Card Payments. Agenda. Breaches in the Headlines. Breach Events & Commonalities
PCI - Why Yu Need t be Cmpliant When Accepting Credit Card Payments Tuesday, March 27, 2012 Agenda Breach Events & Cmmnalities Evlutin f PCI PCI Requirements Risks f Nn-cmpliance Industry Initiatives t
More informationGUIDANCE FOR BUSINESS ASSOCIATES
GUIDANCE FOR BUSINESS ASSOCIATES This Guidance fr Business Assciates dcument is intended t verview UPMCs expectatins, as well as t prvide additinal resurces and infrmatin, t UPMC s HIPAA business assciates.
More informationUNT Payment Card Merchant Handbook
UNT Payment Card Merchant Handbk University f Nrth Texas January 2014 Vlume 4, Issue 1 STUDENT ACCOUNTING & UNIVERSITY CASHIERING SERVICES Cntents The Purpse f the Handbk...1 General Overview...2 Hw des
More informationFAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT
FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT If using US Pstal Service, please return t: Califrnia Student Aid Cmmissin Prgram Administratin & Services Divisin ATTN: Institutinal Supprt P.O. Bx 419028
More informationCOPIES-F.Y.I., INC. Policies and Procedures Data Security Policy
COPIES-F.Y.I., INC. Plicies and Prcedures Data Security Plicy Page 2 f 7 Preamble Mst f Cpies FYI, Incrprated financial, administrative, research, and clinical systems are accessible thrugh the campus
More informationKey Steps for Organizations in Responding to Privacy Breaches
Key Steps fr Organizatins in Respnding t Privacy Breaches Purpse The purpse f this dcument is t prvide guidance t private sectr rganizatins, bth small and large, when a privacy breach ccurs. Organizatins
More informationTHE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM
THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM 1. Prgram Adptin The City University f New Yrk (the "University") develped this Identity Theft Preventin Prgram (the "Prgram") pursuant
More informationTITLE: RECORDS AND INFORMATION MANAGEMENT POLICY
TITLE: RECORDS AND INFORMATION MANAGEMENT POLICY REFERENCE NUMBER: 14/103368 RESPONSIBLE DEPARTMENT: Crprate Services APPLICABLE LEGISLATION: State Recrds Act 1997 Lcal Gvernment Act 1999 Crpratins Act
More informationHIPAA HITECH ACT Compliance, Review and Training Services
Cmpliance, Review and Training Services Risk Assessment and Risk Mitigatin: The first and mst imprtant step is t undertake a hlistic risk assessment that examines the risks and cntrls related t fur critical
More informationFirst Global Data Corp.
First Glbal Data Crp. Privacy Plicy As f February 23, 2015 Ding business with First Glbal Data Crp. ("First Glbal", First Glbal Mney, "we" r "us", which includes First Glbal Data Crp. s subsidiary, First
More informationBLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS
BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS SERIES: 1 General Rules RULE: 17.1 Recrd Retentin Scpe: The purpse f this rule is t establish the systematic review, retentin and destructin
More informationBAMS Third Party Service Providers (TPSPs) FAQs
BAMS Third Party Service Prviders (TPSPs) FAQs 1) What is the Third Party Service Prvider (TPSP) Agent Registratin Prgram? The TPSP Agent Registratin Prgram is a Card Brand (Visa USA Inc and MasterCard
More informationFAYETTEVILLE STATE UNIVERSITY
FAYETTEVILLE STATE UNIVERSITY IDENTITY THEFT PREVENTION (RED FLAGS RULE) Authrity: Categry: Issued by the Fayetteville State University Bard f Trustees. University-Wide Applies t: Administratrs Faculty
More informationIMPLEMENTATION DETAILS
Plicy: Title: Status: 1. Intrductin ISP-I10 Payment Card Security Apprved Infrmatin Security Plicy Dcumentatin IMPLEMENTATION DETAILS 1.1. This dcument supprts implementatin f the "Payment Card Industry
More informationHIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions 724-942-1337
HIPAA Cmpliance 101 Imprtant Terms Cvered Entities (CAs) The HIPAA Privacy Rule refers t three specific grups as cvered entities, including health plans, healthcare clearinghuses, and health care prviders
More informationData Protection Policy & Procedure
Data Prtectin Plicy & Prcedure Page 1 Prcnnect Marketing Data Prtectin Plicy V1.2 Data prtectin plicy Cntext and verview Key details Plicy prepared by: Adam Haycck Apprved by bard / management n: 01/01/2015
More informationVantiv eprotect iframe Technical Assessment Paper Prepared for:
Vantiv eprtect iframe Technical Assessment Paper Prepared fr: Octber 13, 2015 P a g e 2 Cntents EXECUTIVE SUMMARY...3 OVERVIEW... 3 ABOUT VANTIV EPROTECT... 4 OPERATIONAL FLOW... 5 TECHNICAL ASSESSMENT...6
More informationDisplayNote Technologies Limited Data Protection Policy July 2014
DisplayNte Technlgies Limited Data Prtectin Plicy July 2014 1. Intrductin This dcument sets ut the bligatins f DisplayNte Technlgies Limited ( the Cmpany ) with regard t data prtectin and the rights f
More informationPrivacy and Security Training Policy (PS.Pol.051)
Privacy and Security Training Plicy (PS.Pl.051) Purpse T define the plicies and prcedures fr prviding privacy and security training in respect f the CnnectingGTA Slutin. Definitins Electrnic Service Prvider
More informationVersion Date Comments / Changes 1.0 January 2015 Initial Policy Released
Page 1 f 6 Vice President, Infrmatics and Transfrmatin Supprt APPROVED (S) REVISED / REVIEWED SUMMARY Versin Date Cmments / Changes 1.0 Initial Plicy Released INTENT / PURPOSE The Infrmatin and Data Gvernance
More informationSupersedes: DPS Policy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 of 5
Plicy: 13.01 SUBJECT: INTERNET USAGE Supersedes: DPS Plicy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 f 5 1.0 POLICY PURPOSE Detrit Public Schls (DPS) Internet
More informationNYU Langone Medical Center NYU Hospitals Center NYU School of Medicine
Title: Identity Theft Prgram Effective Date: July 2009 NYU Langne Medical Center NYU Hspitals Center NYU Schl f Medicine POLICY It is the plicy f the NYU Langne Medical Center t educate and train staff
More informationPersonal Data Security Breach Management Policy
Persnal Data Security Breach Management Plicy 1.0 Purpse The Data Prtectin Acts 1988 and 2003 impse bligatins n data cntrllers in Western Care Assciatin t prcess persnal data entrusted t them in a manner
More informationInformation Security Policy
Purpse The risk t Charlestn Suthern University, its emplyees and students frm data lss and identity theft is f significant cncern t the University and can be reduced nly thrugh the cmbined effrts f every
More informationTrustED Briefing Series:
TrustED Briefing Series: Since 2001, TrustCC has prvided IT audits and security assessments t hundreds f financial institutins thrugh ut the United States. Our TrustED Briefing Series are white papers
More informationPlus500CY Ltd. Statement on Privacy and Cookie Policy
Plus500CY Ltd. Statement n Privacy and Ckie Plicy Statement n Privacy and Ckie Plicy This website is perated by Plus500CY Ltd. ("we, us r ur"). It is ur plicy t respect the cnfidentiality f infrmatin and
More informationIT Account and Access Procedure
IT Accunt and Access Prcedure Revisin Histry Versin Date Editr Nature f Change 1.0 3/23/06 Kelly Matt Initial Release Table f Cntents 1.0 Overview... 1 2.0 Purpse... 1 3.0 Scpe... 1 4.0 Passwrds... 1 4.1
More informationDATE APPROVED March 2011. Version Date Comments / Changes 1.0 March 2011 Initial policy released
Page 1 f 11 APPROVED (S) REVISED / REVIEWED SUMMARY Versin Date Cmments / Changes 1.0 Initial plicy released 1. PURPOSE OF THIS POLICY T define the purpses fr which Crprate Purchase Cards are t be used
More informationCorporate Credit Card Policy
Plicy N: 13 Crprate Credit Card Plicy CONTROL: Plicy Type: Authrised by: Head f Pwer: Financial Cuncil Nt Applicable Respnsible Officer: Crprate and Cmmunity Manager Respnsibilities: Review and implement
More informationProcess for Responding to Privacy Breaches
Prcess fr Respnding t Privacy Breaches 1. Purpse 1.1 This dcument sets ut the steps that ministries must fllw when respnding t a privacy breach. It must be read in cnjunctin with the Infrmatin Incident
More informationPrivacy Policy. The Central Equity Group understands how highly people value the protection of their privacy.
Privacy Plicy The Central Equity Grup understands hw highly peple value the prtectin f their privacy. Fr that reasn, the Central Equity Grup takes particular care in dealing with any persnal and sensitive
More informationHow To Ensure Your Health Care Is Safe
Guidelines fr Custdians t assess cmpliance with the Persnal Health Infrmatin Privacy and Access Act (PHIPAA) This dcument is designed t help custdians evaluate readiness fr cmpliance with PHIPAA and t
More informationCloud-based File Sharing: Privacy and Security Tutorial Institutional Compliance Office July 2013
Clud-based File Sharing: Privacy and Security Tutrial Institutinal Cmpliance Office July 2013 Patient Data in the Clud Prtecting patient privacy is ne f MD Andersn s greatest respnsibilities Technlgies
More informationPCI Compliance Merchant User Guide
PCI Cmpliance Merchant User Guide Table f Cntents Intrductin... 5 PCI Prgram Overview... 5 PCI10 2.0 Applicatin Tl Overview... 6 Lgin Prcess... 6 Update My Prfile... 7 Frgt Yur Passwrd... 8 Welcme Pages...
More informationNAIC Replacement Requirements For Certain Life Insurance Policies And Annuity Contracts
NAIC Replacement Requirements Fr Certain Life Insurance Plicies And Annuity Cntracts Duties f Prducers If a transactin invlves a replacement, the prducer must leave with the applicant, at the time an applicatin
More informationRemote Working (Policy & Procedure)
Remte Wrking (Plicy & Prcedure) Publicatin Scheme Y/N Department f Origin Plicy Hlder Authrs Can be published n Frce Website Prfessinal Standards Department (PSD) Ch Supt Head f PSD IT Security Officer
More informationCOMPLIANCE WITH THE FEDERAL TRADE COMMISSION S SAFEGUARDS RULE
COMPLIANCE WITH THE FEDERAL TRADE COMMISSION S SAFEGUARDS RULE COMPLIANCE WITH THE FEDERAL TRADE COMMISSION S SAFEGUARDS RULE Mst dealers are familiar with the requirements f the Gramm-Leach-Bliley Act
More informationCORPORATE CREDIT CARD POLICY
TITLE: POLICY OWNERS: DATE INSTITUTED: May 1, 2008 CURRENT VERSION: Ver. 1.6 REVISION DATE: July 1, 2015 Crprate Credit Card Plicy Melissa Cluse, Vice President & Cntrller Cindy Klein, Accunts Payable
More informationSystems Support - Extended
1 General Overview This is a Service Level Agreement ( SLA ) between and the Enterprise Windws Services t dcument: The technlgy services the Enterprise Windws Services prvides t the custmer. The targets
More informationRUTGERS POLICY. Responsible Executive: Vice President for Information Technology and Chief Information Officer
RUTGERS POLICY Sectin: 70.1.1 Sectin Title: Infrmatin Technlgy Plicy Name: Acceptable Use Plicy fr Infrmatin Technlgy Resurces Frmerly Bk: N/A Apprval Authrity: Senir Vice President fr Administratin Respnsible
More informationWHAT YOU NEED TO KNOW ABOUT. Protecting your Privacy
WHAT YOU NEED TO KNOW ABOUT Prtecting yur Privacy YOUR PRIVACY IS OUR PRIORITY Credit unins have a histry f respecting the privacy f ur members and custmers. Yur Bard f Directrs has adpted the Credit Unin
More informationPOLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014
State f Michigan POLICY 1390 Infrmatin Technlgy Cntinuity f Business Planning Issued: June 4, 2009 Revised: June 12, 2014 SUBJECT: APPLICATION: PURPOSE: CONTACT AGENCY: Plicy fr Infrmatin Technlgy (IT)
More informationInternal Audit Charter and operating standards
Internal Audit Charter and perating standards 2 1 verview This dcument sets ut the basis fr internal audit: (i) the Internal Audit charter, which establishes the framewrk fr Internal Audit; and (ii) hw
More informationData Protection Act Data security breach management
Data Prtectin Act Data security breach management The seventh data prtectin principle requires that rganisatins prcessing persnal data take apprpriate measures against unauthrised r unlawful prcessing
More informationADMINISTRATION AND FINANCE POLICIES AND PROCEDURES TABLE OF CONTENTS
CONTROL Revisin Date: 1/21/03 TABLE OF CONTENTS 10.01 OVERVIEW OF ACCOUNTING FOR INVESTMENT IN PLANT... 2 10.01.1 CURRENT POLICY... 2 10.02 INVENTORY MAINTENANCE AND CONTROL... 3 10.02.1 PROCEDURES FOR
More informationUnified Infrastructure/Organization Computer System/Software Use Policy
Unified Infrastructure/Organizatin Cmputer System/Sftware Use Plicy 1. Statement f Respnsibility All emplyees are charged with the security and integrity f the cmputer system. Emplyees are asked t help
More informationVersion: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013
Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004J Payment Card Industry (PCI) Patch Management (prpsed) 01.1 Purpse The purpse f the Patch
More informationRequest for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply
Sectin 1 General Infrmatin RFR Number: (Reference BPO Number) Functinal Area (Enter One Only) F50B3400026 7 Infrmatin System Security Labr Categry A single supprt resurce may be engaged fr a perid nt t
More informationKentwood Police Department 4742 Walma Ave SE Kentwood, Michigan 49512 (616) 698-6580 http://www.ci.kentwood.mi.us REPORTING IDENTITY THEFT
Kentwd Plice Department 4742 Walma Ave SE Kentwd, Michigan 49512 (616) 698-6580 http://www.ci.kentwd.mi.us REPORTING IDENTITY THEFT If yu are the victim f identity theft and ne f the fllwing cnditins are
More informationMulti-Year Accessibility Policy and Plan for NSF Canada and NSF International Strategic Registrations Canada Company, 2014-2021
Multi-Year Accessibility Plicy and Plan fr NSF Canada and NSF Internatinal Strategic Registratins Canada Cmpany, 2014-2021 This 2014-21 accessibility plan utlines the plicies and actins that NSF Canada
More informationPENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK
Department f Health and Human Services OFFICE OF INSPECTOR GENERAL PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Inquiries abut this reprt may be addressed t the Office f Public Affairs
More informationMalpractice and Maladministration Policy
TR340 Malpractice and Maladministratin Plicy This plicy aims t: Define malpractice and maladministratin in the cntext f CIM/CAM studying members, Accredited study centres (ASCs), examinatin centres, invigilatrs
More informationexpertise hp services valupack consulting description security review service for Linux
expertise hp services valupack cnsulting descriptin security review service fr Linux Cpyright services prvided, infrmatin is prtected under cpyright by Hewlett-Packard Cmpany Unpublished Wrk -- ALL RIGHTS
More informationPayment Card Industry (PCI) Qualified Integrators and Resellers
Payment Card Industry (PCI) Qualified Integratrs and Resellers Prgram Guide Versin 3.0 September 2015 Dcument Changes Date Versin Descriptin August 2012 1.0 Initial release f the PCI Qualified Integratrs
More informationWire Transfer Request
Wire Transfer Request Requirements and Instructins OFFICE OF DISBURSEMENTS Categry: Dcument Name: Payment Prcessing Wire Transfer Request - Requirements and Instructins Respnsible Department: Office f
More informationElectronic and Information Resources Accessibility Compliance Plan
Electrnic and Infrmatin Resurces Accessibility Cmpliance Plan Intrductin The University f Nrth Texas at Dallas (UNTD) is cmmitted t prviding a wrk envirnment that affrds equal access and pprtunity t therwise
More informationHillsborough Board of Education Acceptable Use Policy for Using the Hillsborough Township Public Schools Network
2361/Page 1 f 6 Hillsbrugh Bard f Educatin Acceptable Use Plicy fr Using the Hillsbrugh Twnship Public Schls Netwrk It is the gal f the HTPS (Hillsbrugh Twnship Public Schls) Netwrk t prmte educatinal
More informationChristchurch Polytechnic Institute of Technology Access Control Security Standard
CPIT Crprate Services Divisin: ICT Christchurch Plytechnic Institute f Technlgy Access Cntrl Security Standard Crprate Plicies & Prcedures Sectin 1: General Administratin Dcument CPP121a Principles Infrmatin
More informationRQ10.06 AACo Share Trading Policy
Australian Agricultural Cmpany Limited ACN 010 892 270 RQ10.06 AAC Share Trading Plicy Versin 5 This plicy was apprved by the Bard f Australian Agricultural Cmpany Limited n 15 December 2010. This plicy
More informationSources of Federal Government and Employee Information
Inf Surce Surces f Federal Gvernment and Emplyee Infrmatin Ridley Terminals Inc. TABLE OF CONTENTS General Infrmatin Intrductin t Inf Surce Backgrund Respnsibilities Institutinal Functins, Prgram and Activities
More informationWe will record and prepare documents based off the information presented
Dear Client: We appreciate the pprtunity f wrking with yu regarding yur Payrll needs. T ensure a cmplete understanding between us, we are setting frth the pertinent infrmatin abut the services that we
More informationIn addition to assisting with the disaster planning process, it is hoped this document will also::
First Step f a Disaster Recver Analysis: Knwing What Yu Have and Hw t Get t it Ntes abut using this dcument: This free tl is ffered as a guide and starting pint. It is des nt cver all pssible business
More informationIMPLEMENTATION DETAILS
Plicy: Title: Status: 1. Intrductin ISP-I10 Payment Card Security Apprved Infrmatin Security Plicy Dcumentatin IMPLEMENTATION DETAILS 1.1. This dcument supprts implementatin f the "Payment Card Industry
More informationTechnical Writing - TheUsers Visa (SHR User Accunt)
POLICY Number: 7311-25-004 Title: Saskatn Health Regin User Accunt Plicy Authrizatin [ ] President and CEO [X] Vice President, Finance and Crprate Services Surce: Directr, Infrmatin Technlgy Services Crss
More informationPAYMENT GATEWAY ACCOUNT SETUP FORM
PAYMENT GATEWAY ACCOUNT SETUP FORM Thank yu fr chsing us fr yur e-cmmerce transactin needs. CyberSurce develps, perates and markets payment transactin prcessing services, as well as a hst f value-adding
More informationHow To Ensure That The Internet Is Safe For A Health Care Worker
POLICY Dc. Cde: IS I5 INTERNET - ACCEPTABLE USE Applicable t: MidCentral DHB Including MidCentral Health & Enable NZ Issued by: Infrmatin Systems Cntact: Manager Service Delivery 1. PURPOSE This plicy
More informationAudit Committee Charter
Audit Cmmittee Charter Membership The Audit Cmmittee (the "Cmmittee") f the Bard f Directrs (the "Bard") f Philip Mrris Internatinal Inc. (the "Cmpany") shall cnsist f at least three directrs all f whm
More informationPrivacy Plicy Welcme, Sensati & JHI
Privacy Plicy Welcme t www.framesdata.cm! This site (the Frames Data Online Site ) is wned by Frames Data Inc. ("FDI" r we ), a subsidiary f Jbsn Medical Infrmatin LLC ("JMI") and its parent, Jbsn Healthcare
More informationFREQUENTLY ASKED QUESTIONS ON THE EUCOMED ETHICAL BUSINESS LOGO
Rue Jseph II, 40 www.eucmed.rg FREQUENTLY ASKED QUESTIONS ON THE EUCOMED ETHICAL BUSINESS LOGO Q1: What is the Eucmed Ethical Business Lg? A1: The Ethical Business Lg is a Lg licensed by Eucmed, the Eurpean
More informationInformation Services Hosting Arrangements
Infrmatin Services Hsting Arrangements Purpse The purpse f this service is t prvide secure, supprted, and reasnably accessible cmputing envirnments fr departments at DePaul that are in need f server-based
More informationState of California California Technology Agency. Software Management Plan Guidelines
State f Califrnia Califrnia Technlgy Agency Sftware Management Plan Guidelines Revised April 2011 Sectin 1 1.0 Overview INTRODUCTION TO SOFTWARE MANAGEMENT PLANNING The State Administrative Manual (SAM)
More informationOptimal Payments Extension. Supporting Documentation for the Extension Package. 20140225 v1.1
Optimal Payments Extensin Supprting Dcumentatin fr the Extensin Package 20140225 v1.1 Revisin Histry v1.1 Updated Demac Media branding v1.0 Initial Dcument fr Distributin supprt@ptimalpayments.cm Page
More informationGUIDELINE INFORMATION MANAGEMENT (IM) PROGRAM PLAN
Gvernment f Newfundland and Labradr Office f the Chief Infrmatin Officer Infrmatin Management Branch GUIDELINE INFORMATION MANAGEMENT (IM) PROGRAM PLAN Guideline (Definitin): OCIO Guidelines derive frm
More informationWhat Information Is Collected and How Is It Collected?
RCI PRIVACY NOTICE RCI Pacific Pty Ltd is cncerned abut privacy issues and wants yu t be familiar with hw we cllect, use and disclse infrmatin. This Privacy Ntice describes ur practices in cnnectin with
More informationElectronic Data Interchange (EDI) Requirements
Electrnic Data Interchange (EDI) Requirements 1.0 Overview 1.1 EDI Definitin 1.2 General Infrmatin 1.3 Third Party Prviders 1.4 EDI Purchase Order (850) 1.5 EDI PO Change Request (860) 1.6 Advance Shipment
More informationTHIRD PARTY PROCUREMENT PROCEDURES
ADDENDUM #1 THIRD PARTY PROCUREMENT PROCEDURES NORTH CENTRAL TEXAS COUNCIL OF GOVERNMENTS TRANSPORTATION DEPARTMENT JUNE 2011 OVERVIEW These prcedures establish standards and guidelines fr the Nrth Central
More informationMerchant Processes and Procedures
Merchant Prcesses and Prcedures Table f Cntents EXHIBIT C 1. MERCHANT INTRODUCTION TO T-CHEK 3 1.1 Wh is T-Chek Systems? 3 1.2 Hw t Cntact T-Chek Systems 3 1.3 Hw t Recgnize T-Chek Frms f Payment 3 1.3.1
More informationEA-POL-015 Enterprise Architecture - Encryption Policy
Technlgy & Infrmatin Services EA-POL-015 Enterprise ure - Encryptin Plicy Authr: Craig Duglas Date: 17 March 2015 Dcument Security Level: PUBLIC Dcument Versin: 1.0 Dcument Ref: EA-POL-015 Dcument Link:
More informationDetroit Public Schools Policy 13.14 Page 1
Detrit Public Schls Plicy 13.14 Page 1 SUBJECT: Supersedes: STUDENT RECORD AND TRANSCRIPT PROCESSING Nne; New Plicy Effective: September 1, 2006 Page: 1 f 10 1.0 Purpse 2.0 Scpe This prcedure dcuments
More informationMSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER
MSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER This Audit Cmmittee Charter has been amended as f July 17, 2015. The Audit Cmmittee shall review and reassess this Charter annually and recmmend
More informationImproved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1
Imprved Data Center Pwer Cnsumptin and Streamlining Management in Windws Server 2008 R2 with SP1 Disclaimer The infrmatin cntained in this dcument represents the current view f Micrsft Crpratin n the issues
More informationHIPAA Notice of Privacy Practices. Central Ohio Surgical Associates, Inc.
HIPAA Ntice f Privacy Practices Central Ohi Surgical Assciates, Inc. THIS NOTICE OF PRIVACY PRACTICES (THE NOTICE ) DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN
More informationState Fleet Card Oversight Usage and Responsibilities
State Fleet Card Oversight Usage and Respnsibilities Intrductin The Department f General Services (DGS), Office f Fleet and Asset Management (OFAM) administers a statewide ne-prvider payment system cntract
More informationTexas Woman's University University Policy Manual
Texas Wman's University University Plicy Manual Plicy Name: Plicy Number: 6.06 Date Passed: July 2004 Health Insurance Prtability& Accuntability Act (HIPAA) Date Reviewed: September 2008 Next Review: September
More informationPeratr Accreditatin and Services in Queensland
Infrmatin Bulletin PT 204/09.15 Operatr Accreditatin fr Limusine Services What is peratr accreditatin? The Transprt Operatins (Passenger Transprt) Act 1994 requires peratrs f public passenger services
More informationFrequently Asked Questions about the Faith A. Fields Nursing Scholarship Loan
ARKANSAS STATE BOARD OF NURSING 1123 S. University Avenue, Suite 800, University Twer Building, Little Rck, AR 72204 Phne: (501) 686-2700 Fax: (501) 686-2714 www.arsbn.rg Frequently Asked Questins abut
More informationWoodstock Multimedia, INC. Software/Hardware Usage Policy
Wdstck Multimedia, INC. Sftware/Hardware Usage Plicy POLICY PURPOSE The purpse f the Wdstck Multimedia, INC. Sftware / Hardware Usage Plicy is t ensure that Wdstck Multimedia, INC. emplyees are prperly
More informationTITLE: Supplier Contracting Guidelines Process: FIN_PS_PSG_050 Replaces: Manual Sections 6.4, 7.1, 7.5, 7.6, 7.11 Effective Date: 10/1/2014 Contents
TITLE: Supplier Cntracting Guidelines Prcess: FIN_PS_PSG_050 Replaces: Manual Sectins 6.4, 7.1, 7.5, 7.6, 7.11 Cntents 1 Abut university supplier cntracting... 2 2 When is a cntract required?... 2 3 Wh
More informationNHVAS Mass Management Spot Check Checklist
Legal Entity Name f NHVAS Operatr: DTMR Representative: Lcatin: NHVAS Mass Management Spt Check Checklist Spt Check Date: Spt Check Number: DMS Number: 540/ The fllwing surces f evidence have been identified
More informationIT Help Desk Service Level Expectations Revised: 01/09/2012
IT Help Desk Service Level Expectatins Revised: 01/09/2012 Overview The IT Help Desk team cnsists f six (6) full time emplyees and fifteen (15) part time student emplyees. This team prvides supprt fr 25,000+
More informationTo clarify terms used within these policies, the following definitions are provided:
Baker University Email Plicy E-mail services are prvided t the Baker cmmunity in supprt f the educatinal missin f the University and the administrative functins t carry ut that missin. Users f Baker e-mail
More informationChange Management Process For [Project Name]
Management Prcess Fr [Prject Name] i 1 Intrductin The is fllwed during the Executin phase f the Prject Management Life Cycle, nce the prject has been frmally defined and planned. 1.1 What is a Management
More informationOnline Banking Agreement
Online Banking Agreement 1. General This Online Banking Agreement, which may be amended frm time t time by us (this "Agreement"), fr accessing yur Clrad Federal Savings Bank accunt(s) via the Internet
More informationChapter 7 Business Continuity and Risk Management
Chapter 7 Business Cntinuity and Risk Management Sectin 01 Business Cntinuity Management 070101 Initiating the Business Cntinuity Plan (BCP) Purpse: T establish the apprpriate level f business cntinuity
More informationPrivacy Breach and Complaint Protocol
Privacy Breach and Cmplaint Prtcl Effective: December 31, 2012 Apprved by: Le McKenna, CFO 1.0 General Privacy breaches and privacy cmplaints will be handled in accrdance with this prtcl. This prtcl is
More informationCMS Eligibility Requirements Checklist for MSSP ACO Participation
ATTACHMENT 1 CMS Eligibility Requirements Checklist fr MSSP ACO Participatin 1. General Eligibility Requirements ACO participants wrk tgether t manage and crdinate care fr Medicare fee-fr-service beneficiaries.
More information