Educause Security Discussion mailing list archives
Re: PCI - Third party vendors
From: Mike Chapple <mchapple () ND EDU>
Date: Thu, 24 Jul 2014 16:46:54 -0400
Craig, My take, in a situation like this, is that you would bear no responsibility for PCI compliance. If the entity running the coffee shop is truly a completely independent operation, then the institution's relationship is likely one of landlord/tenant. Unless the contract between you specifies that you are acting as a service provider and will operate the network in a PCI-compliant fashion, I believe the coffee shop would bear full responsibility for PCI compliance. It's similar to the relationship you have with your own ISP. That said, it's always in your best interest to ensure that businesses operating on your campus are acting responsibly. If they do suffer a breach there may be some reputational splash-back. Best regards, Mike *Mike Chapple, Ph.D.*Senior Director for IT Service Delivery Concurrent Assistant Professor, Computer Applications University of Notre Dame 236 IT Center *| * Notre Dame, IN 46556 *P:* 574-631-5863 *|* *M: *574-274-0151 mchapple () nd edu On Thu, Jul 24, 2014 at 4:30 PM, Drake, Craig <c-drake () neiu edu> wrote:
We have a new coffee shop going into our library. They are completely run by an external entity not associated with the university. They want to connect their terminals to our university network (possibly wireless) to transmit their credit card transactions. What do we need to be concerned with in terms of PCI compliance with them running this through our networks? Thank you, -Craig Craig Drake University Technology Services Northeastern Illinois University 5500 North St. Louis Avenue, Chicago, IL 60625 Phone: (773) 442-4386 Email: C-Drake () neiu edu www.neiu.edu
-- Best regards, Mike *Mike Chapple, Ph.D.*Senior Director for IT Service Delivery Concurrent Assistant Professor, Computer Applications University of Notre Dame 236 IT Center *| * Notre Dame, IN 46556 *P:* 574-631-5863 *|* *M: *574-274-0151 mchapple () nd edu
Current thread:
- PCI - Third party vendors Drake, Craig (Jul 24)
- Re: PCI - Third party vendors Brad Judy (Jul 24)
- Re: PCI - Third party vendors Hendra Hendrawan (Jul 24)
- Re: PCI - Third party vendors Mike Chapple (Jul 24)
- Re: PCI - Third party vendors Roger A Safian (Jul 24)
- Re: PCI - Third party vendors Christopher Jones (Jul 24)
- Re: PCI - Third party vendors Kobezak, Philip (Jul 24)
- Re: PCI - Third party vendors T. Shayne Ghere (Jul 24)
- Re: PCI - Third party vendors Shamblin, Quinn (Jul 25)
- Re: PCI - Third party vendors Bruce Curtis (Jul 29)
- Re: PCI - Third party vendors Christopher Jones (Jul 24)
- Re: PCI - Third party vendors Brad Judy (Jul 24)
- Re: PCI - Third party vendors Mike Cunningham (Jul 25)
- Re: PCI - Third party vendors Blake Penn (Jul 25)
- Re: PCI - Third party vendors Mike Chapple (Jul 25)