Re: PCI Compliance Efforts

[John Ladwig <John.Ladwig () CSU MNSCU EDU>]

I'm interested in why you speak of PCI compliance in the past tense; do you mean the effort of initially achieving 
compliance?

If so, how's the ongoing compliance and self-assessment going?  Several reports suggest that even Level one merchants 
face a backsliding tendency between ROC events.

We have a boatload of Level four merchants, and pretty much all are struggling with first-compliance. 

    -jml 


-----Original Message-----
From: Radford, Jennifer
Sent: 2011-10-14 16:54:07
To: Radford, Jennifer;The EDUCAUSE Security Constituent Group Listserv
Cc: 
Subject: Re: [SECURITY] PCI Compliance Efforts


Hi Felecia,

I was thinking along the lines of whether people are actually fully compliant (overall for all merchants, i.e. for the 
institution), or (hopefully) substantially there.  We are a level 4 merchant with a mixture of SAQ A, B, C, and D 
levels and it was quite an effort to address PCI compliance requirements so I am just wondering how PCI was for the 
rest of the Higher ed world.

Cheers,
Jen

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Felecia 
Vlahos
Sent: Friday, October 14, 2011 2:49 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] PCI Compliance Efforts

Jennifer,

Can you describe what you mean by "compliance efforts"?  1) Using a QSA, which ASV, project tools?  Or 2) merchant 
level, #MIDs, submitted attestations, compliance status, etc.?

For the set of questions in 2), this would be considered protected information, especially in a combined database.

Felecia Vlahos
ISO SDSU

On Fri, 14 Oct 2011 14:08:35 -0700, Radford, Jennifer <jradford () intaudit ubc ca<mailto:jradford () intaudit ubc ca>> 
wrote:

Hi,

I am trying to benchmark PCI compliance efforts across north American Higher Ed Institutions. I would be grateful if 
people could share their insights in this area.

Cheers,

Jenny

Jennifer Radford, Senior IT Audit Manager
Internal Audit, UBC
6000 Iona Drive, Vancouver, BC Canada V6T 1L4
Phone:  604-822-6512
Fax:  604-822-9027
E-mail:  Jradford () intaudit ubc ca<mailto:Jradford () intaudit ubc ca>
Web:  www.intaudit.ubc.ca<http://www.intaudit.ubc.ca>
The information contained in this e-mail message is strictly confidential and intended solely for the use of the 
designated addressee(s). Any unauthorized viewing, disclosure, copying or distribution of this e-mail is prohibited and 
may be unlawful. If you have received this e-mail in error, please do not read it, reply to the sender immediately to 
inform us that you are not the intended recipient, and delete the e-mail from your computer system. Thank you.