Educause Security Discussion mailing list archives
Re: PCI Compliance Efforts
From: Felecia Vlahos <fvlahos () COX NET>
Date: Fri, 14 Oct 2011 15:18:20 -0700
Hi Jen,Yeah, sorry, we wouldn't be able to share that type of PCI compliance information, other than to affirm we share your misery and it is quite an effort. Maybe Educause has something for you to use already or can incorporate it into future surveys? Or a great anonymous survey for the Educause Security Professionals conference!
Thanks, FeleciaOn Fri, 14 Oct 2011 14:53:23 -0700, Radford, Jennifer <jradford () intaudit ubc ca> wrote:
Hi Felecia,I was thinking along the lines of whether people are actually fully compliant (overall for all merchants, i.e. for the institution), or (hopefully) substantially there. We are a level 4 merchant with a mixture of SAQ A, B, C, and D levels and it was quite an effort to >address PCI compliance requirements so I am just wondering how PCI was for the rest of the Higher ed world.Cheers, JenFrom: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Felecia VlahosSent: Friday, October 14, 2011 2:49 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] PCI Compliance Efforts Jennifer,Can you describe what you mean by "compliance efforts"? 1) Using a QSA, which ASV, project tools? Or 2) merchant level, #MIDs, submitted attestations, compliance status, etc.?For the set of questions in 2), this would be considered protected information, especially in a combined database.Felecia Vlahos ISO SDSUOn Fri, 14 Oct 2011 14:08:35 -0700, Radford, Jennifer <jradford () intaudit ubc ca> wrote:Hi,I am trying to benchmark PCI compliance efforts across north American Higher Ed Institutions. I would be grateful if people could share their insights in this area.Cheers, Jenny Jennifer Radford, Senior IT Audit Manager Internal Audit, UBC 6000 Iona Drive, Vancouver, BC Canada V6T 1L4 Phone: 604-822-6512 Fax: 604-822-9027 E-mail: Jradford () intaudit ubc ca Web: www.intaudit.ubc.caThe information contained in this e-mail message is strictly confidential and intended solely for the use of the designated addressee(s). Any unauthorized viewing, disclosure, copying or distribution of this e-mail is prohibited and may be unlawful. If you have received this e-mail in error, please do not read it, reply to the sender >>immediately to inform us that you are not the intended recipient, and delete the e-mail from your computer system. Thank you.
Current thread:
- PCI Compliance Efforts Radford, Jennifer (Oct 14)
- Re: PCI Compliance Efforts Felecia Vlahos (Oct 14)
- Re: PCI Compliance Efforts Radford, Jennifer (Oct 14)
- Re: PCI Compliance Efforts Felecia Vlahos (Oct 14)
- Re: PCI Compliance Efforts Radford, Jennifer (Oct 14)
- Re: PCI Compliance Efforts Hugh Burley (Oct 21)
- <Possible follow-ups>
- Re: PCI Compliance Efforts John Ladwig (Oct 14)
- Re: PCI Compliance Efforts Radford, Jennifer (Oct 14)
- Re: PCI Compliance Efforts Felecia Vlahos (Oct 14)