Educause Security Discussion mailing list archives
Re: PCI compliance
From: Sarah Stevens <sarah () STEVENS-TECHNOLOGIES COM>
Date: Wed, 26 Mar 2008 06:42:01 -0700
Lee,

Here are a couple of guidance documents that are available on the site that Ken references below, but are the most helpful as a "quick list". We do a lot of assistance with prepping an organization for PCI Compliance, due to the work we do with other compliance exercises. (PCI ends up following the same "industry best practices" that FERPA, HIPAA, FISMA, and all the others provide.) In order to maintain our independence, we partner with ControlCase to act as the external auditor, as ControlCase is a Qualified Security Assessor.

So, let me tell you what I have attached:

1) https://www.pcisecuritystandards.org/pdfs/pci_saq_v1-0.pdf
These are the self assessment questions. Just an FYI, if you have questions about filling this out, let me know. Also, don't panic if you don't have everything. We often end up finding compensating controls to cover some items.

2) https://www.pcisecuritystandards.org/pdfs/pci_audit_procedures_v1-1.pdf
These are the audit procedures that will be used by the assessor when they arrive on site. Again, there are some opportunities for compensating controls.

I hope this helps, and please feel free to call/email if you have any other questions. (I have a copy of the audit procedures in Word format that can be edited, if you need it. The one posted online is protected.)

Regards,
Sarah Stevens
Stevens Technologies
(704) 625-8842 x500

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ken Connelly
Sent: Wednesday, March 26, 2008 9:10 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] PCI compliance

https://www.pcisecuritystandards.org/ is the official source. Everything (and more) that you need to know can be found there.

- ken

Lee Weers wrote:
We discovered a department on campus that is still processing credit cards, and I am looking for a contact who would be willing to discuss the steps we need to perform to become PCI compliant. I am looking for the questions we need to ask from the department, and then the initial basic steps we need to perform now, until we get all of the documentation found and filled out.

Thank you,
Lee Weers
Assistant Director for Network Services
Central College IT Services
(641) 628-7675
--
- Ken
=================================================================
Ken Connelly
Associate Director, Security and Systems
ITS Network Services
University of Northern Iowa
email: Ken.Connelly () uni edu
p: (319) 273-5850
f: (319) 273-7373