Re: PCI Compliance Efforts

[Hugh Burley <hburley () TRU CA>]

Hi Jennifer,
 
We currently have an external PCI audit program underway.  It took considerable effort to get executive recognition of 
the seriousness of the problem.  It was initiated with an internal assessment of compliance, and a Credit Card Data 
Usage Assessment which were completed over the previous two years.
 
We are now beginning to make real changes to address PCI Compliance and I suspect TRU will be substantially compliant 
during this fiscal.
 
We will likely end up with two locations that remain SAQ-D and the rest SAQ-C. It is possible we will end up with only 
one SAQ-D, an SAQ-CVT, and the rest SAQ-C.
 
Feel free to contact me off-list if you are seeking more detail.

Regards,
 
 
 
Hugh Burley
Thompson Rivers University
ITS - Senior Technology Coordinator
Information Security Officer
CISSP, CIPP/C, CISA
Security, Privacy, Audit
BCCOL - 222D
250-852-6351

> > > "Radford, Jennifer" <jradford () INTAUDIT UBC CA> 14/10/2011 2:08 pm >>>

Hi,
 
I am trying to benchmark PCI compliance efforts across north American Higher Ed Institutions. I would be grateful if 
people could share their insights in this area. 
 
Cheers,
 
Jenny
 
Jennifer Radford, Senior IT Audit Manager
Internal Audit, UBC
6000 Iona Drive, Vancouver, BC Canada V6T 1L4
Phone:  604-822-6512
Fax:  604-822-9027
E-mail:  Jradford () intaudit ubc ca
Web:  www.intaudit.ubc.ca ( http://www.intaudit.ubc.ca/ )
The information contained in this e-mail message is strictly confidential and intended solely for the use of the 
designated addressee(s). Any unauthorized viewing, disclosure, copying or distribution of this e-mail is prohibited and 
may be unlawful. If you have received this e-mail in error, please do not read it, reply to the sender immediately to 
inform us that you are not the intended recipient, and delete the e-mail from your computer system. Thank you.