Educause Security Discussion mailing list archives
Re: VISA Net audit?
From: Willis Marti <wmarti () TAMU EDU>
Date: Fri, 3 Jun 2005 14:38:55 -0500
Our Loans Receivables group called a couple of days ago to alert me to an audit requirement that has been imposed by Visa(Net), for whom we are a "merchant." The process involves a self-assessment, together with a "Quarterly Network Security Scan" that must be conducted by a Visa-certified third party. Have any of you received the same notification? And how did you deal with what we are told is a June 30 compliance date?
The standard changed in January. Best explanation is http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp.html Key point is defining the "merchant". Your credit card volume determines exact requirements. Fortunately all ours are Level 4. It's a pain but we're treating the deadline as real. Installing firewalls and documenting network connected CC processing systems. -- Cheers, Willis Marti Associate Director for Networking Computing & Information Services Texas A&M University
Current thread:
- VISA Net audit? Doug Sandford (Jun 03)
- <Possible follow-ups>
- Re: VISA Net audit? Theresa M Rowe (Jun 03)
- Re: VISA Net audit? Austin Winkleman (Jun 03)
- Re: VISA Net audit? Willis Marti (Jun 03)
- Re: VISA Net audit? Lanham, Sean (Jun 03)
- Re: VISA Net audit? Info (Jun 03)
- Re: VISA Net audit? David Todd (Jun 03)
- Re: VISA Net audit? Mike Iglesias (Jun 03)
- Re: VISA Net audit? Robert Ridenour (Jun 06)
- Re: VISA Net audit? Robert Ridenour (Jun 06)
- Re: VISA Net audit? Willis Marti (Jun 10)