Educause Security Discussion mailing list archives

Re: PCI DSS University-Wide Compliance


From: Barron Hulver <Barron.Hulver () OBERLIN EDU>
Date: Wed, 30 Jan 2013 16:38:48 -0500

I handle PCI DSS compliance for each merchant ID individually.  Oberlin
College is a small organization and we only have about 10 accounts.  I
believe this is the best way to handle this for a small set of merchant
accounts.


Barron

Barron Hulver
Director of Networking, Operations, and Systems
Center for Information Technology
Oberlin College
148 West College Street
Oberlin, OH  44074
440-775-8702
Barron.J.Hulver () oberlin edu
http://www2.oberlin.edu/staff/bhulver/




On 1/30/13 1:12 PM, Carlos Lobato wrote:
Hello All,

 

For those PCI DSS Compliance Gurus, how do you assure University-Wide
PCI DSS compliance?

 

 1. Do you ensure PCI DSS compliance for each merchant ID individually
    or do you take all merchant IDs for the University?
 2. If individually, do you ONLY consider those transactions for
    compliance purposes?
 3. How do you ensure/assure compliance for your University as a whole?  

I would really appreciate any feedback I can get from experts as Audit
Committees have a tendency to ask basic compliance questions and request
global assurance.

 

I would also appreciate approaches used at your University to address
global compliance assurance or other general opinions, comments, etc.

 

Carlos

 

*Carlos S. Lobato, CISA, CIA*

*IT Compliance Officer*

*New Mexico State University*

Information and Communication Technologies

MSC 3AT PO Box 30001

Las Cruces, NM  88003

 

Phone (575) 646-5902

Fax (575) 646-5278


