Educause Security Discussion mailing list archives
Re: PCI Compliance Policies
From: Doug Markiewicz <dmarkiew+educause () ANDREW CMU EDU>
Date: Thu, 19 Jul 2007 13:41:50 -0400
If you haven't already, you may want to review some of the information EDUCAUSE has available:

http://connect.educause.edu/term_view/PCI%2BDSS

If you have a copy of Information Security Policies Made Easy, InformationShield (the publisher) has a PCI mapping available.

http://www.informationshield.com/PCIStandardPolicyMap.pdf

I've gone through the exercise of creating generic PCI policies purely for the sake of compliance with PCI (at the request of a client). Not something I would recommend. Better off identifying policy requirements within the standard, mapping those requirements against your existing policies, identifying gaps and then taking steps to fill those gaps. That is a lot easier said than done though. :)

Here's a few university resources I found after a quick google search:

http://controller.nd.edu/policies-and-procedures/credit_card_support_program/PaymentCardPolicy.shtml
http://www.uiowa.edu/%7Efustreas/Credit%20Card%20Handling%20Policies%20and%20Procedures.pdf
http://www.security.duke.edu/pci.html

Also probably worth posting to the Policy and Law list.

Hope this helps!

-----Original Message-----
From: Brewer, Alex D [mailto:Brewerad () MONTEVALLO EDU]
Sent: Thursday, July 19, 2007 12:11 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] PCI Compliance Policies

Doug,

The compliance is based on the number of transactions you process.

http://www.pcicomplianceguide.org/aboutpcicompliance.html

Alex Brewer
Network Specialist
University of Montevallo
Computer Services
205-665-8474

-----Original Message-----
From: Sandford, Doug [mailto:doug () UA EDU]
Sent: Thursday, July 19, 2007 10:35 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] PCI Compliance Policies

Has anyone developed policies related to the process of becoming PCI compliant? Or perhaps links to some sources that have already been developed? Not having to re-invent the wheel would speed the certification process considerably.

Thanks in advance.....

Doug Sandford
University of Alabama
Office of Information Technology