Re: RuffaloCODY Fundraising Management question

[Walter Petruska <wpetruska () USFCA EDU>]

My question was mostly about how you delineate in your service agreement
the responsibilities or Scope of PCI between ruffalocody and your own
campus.

Is it in the service agreement, is it in an attached diagram or what?
On Jun 20, 2013 9:20 AM, "Coffman, Tobiah" <tcoffman () bsu edu> wrote:

>  Walter,****
>
> ** **
>
> We have RuffaloCODY on our campus.  I have somewhat limited knowledge of
> the setup, but I can answer what I know and try to get answers for anything
> else.****
>
> ** **
>
> -Tobey Coffman, CISSP****
>
> Director of Information Security****
>
> Ball State University****
>
> ** **
>
> *From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Walter Petruska
> *Sent:* Wednesday, June 19, 2013 3:07 PM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [SECURITY] RuffaloCODY Fundraising Management question****
>
> ** **
>
> Could any of you who have RuffaloCODY as a service provider, operating ON
> your campus (and therefore within your facilities/on your network, etc.)
> please contact me directly (off-list) for a brief discussion.
>
> The topic is past performance, and specifically, PCI-compliance and where
> to draw the contract and technology and organizational lines to maintain
> compliance of each party (RuffaloCODY & your institution)****
>
> Thanks much-
> ****
>
>
> -- ****
>
> *Walter Petruska CISSP, CISA, CGEIT*
> *Information Security Officer*
> infosec.usfca.edu
>
>
>
> *University of San Francisco*
> Lone Mountain North - 2nd Floor
> 2130 Fulton Street
> San Francisco, CA 94117
> *ITS Help Desk*, Phone: 415-422-6668
>
>
> ****