Re: VISA Net audit?

[Robert Ridenour <ridenour () UTK EDU>]

We have received one as well and are currently working with the group
responsible for the application.  One of the issues we have is the "third
party" quarterly network scan and annual on-site assessment that must be
done.  That is a cost that we have not budgeted for and I wondered how
others are handling this.

Robert L. Ridenour Jr.
Information Security Officer
University of Tennessee
ridenour () utk edu
865-974-8630



-----Original Message-----
From: Doug Sandford [mailto:dsandfor () SEEBECK UA EDU]
Sent: Friday, June 03, 2005 3:23 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] VISA Net audit?

Our Loans Receivables group called a couple of days ago to alert me
to an audit requirement that has been imposed by Visa(Net), for whom
we are a "merchant."   The process involves a self-assessment,
together with a "Quarterly Network Security Scan" that must be
conducted by a Visa-certified third party.

Have any of you received the same notification? And how did you deal
with what we are told is a June 30 compliance date?

Regards, and thanks in advance.




Doug Sandford
Information Security Officer
University of Alabama
Seebeck Computer Center
doug () ua edu

This email is intended only for the person to whom it is
addressed.  Any review or other use of this information by
persons or entities other than the intended recipient or any
retransmission without the consent of the sender is prohibited.