Re: RuffaloCODY Fundraising Management question

[Walter Petruska <wpetruska () USFCA EDU>]

Thanks, Jon.

I've received many replies which lead me to believe that we've had
near-universal experiences leaving us wishing for a better standard
services agreement from RuffaloCODY.

We're on negotiated version 3, which (surprise surprise) finally nails down
language over who is responsible for what- and what the delineation is
between PCI scopes between RC and USF.

As a way of asking what you ended up with- do you have a picture/drawing or
verbal description over what components, systems and people are in PCI
scope to which party?


On Thu, Jun 20, 2013 at 1:39 PM, Allen, Jon D. <Jon_Allen () baylor edu> wrote:

> We went through a long process on this one. I am happy to talk.
>
> Thanks,
>
> _________________________________
> Jon Allen, CISSP, EnCE
> Assistant Vice President &
> Chief Information Security Officer
> 254.710.4793<tel:254.710.4793>
>
> [Description: Description: bearawarefinal]
>         www.baylor.edu/bearaware<http://www.baylor.edu/bearaware>
>
> On Jun 20, 2013, at 11:20 AM, "Coffman, Tobiah" <tcoffman () BSU EDU<mailto:
> tcoffman () BSU EDU>> wrote:
>
> Walter,
>
> We have RuffaloCODY on our campus.  I have somewhat limited knowledge of
> the setup, but I can answer what I know and try to get answers for anything
> else.
>
> -Tobey Coffman, CISSP
> Director of Information Security
> Ball State University
>
> From: The EDUCAUSE Security Constituent Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Walter Petruska
> Sent: Wednesday, June 19, 2013 3:07 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
> Subject: [SECURITY] RuffaloCODY Fundraising Management question
>
> Could any of you who have RuffaloCODY as a service provider, operating ON
> your campus (and therefore within your facilities/on your network, etc.)
> please contact me directly (off-list) for a brief discussion.
>
> The topic is past performance, and specifically, PCI-compliance and where
> to draw the contract and technology and organizational lines to maintain
> compliance of each party (RuffaloCODY & your institution)
> Thanks much-
>
> --
> Walter Petruska CISSP, CISA, CGEIT
> Information Security Officer
> infosec.usfca.edu<http://infosec.usfca.edu>
>
> [http://www.usfca.edu/images/usflogo_tag_180.png]
>
> University of San Francisco
> Lone Mountain North - 2nd Floor
> 2130 Fulton Street
> San Francisco, CA 94117
> ITS Help Desk, Phone: 415-422-6668



-- 
*Walter Petruska CISSP, CISA, CGEIT*
*Information Security Officer*
infosec.usfca.edu



*University of San Francisco*
Lone Mountain North - 2nd Floor
2130 Fulton Street
San Francisco, CA 94117
*ITS Help Desk*, Phone: 415-422-6668