Educause Security Discussion mailing list archives
Re: OrgSync and PCI Compliance
From: Velislav K Pavlov <VelislavPavlov () FERRIS EDU>
Date: Fri, 24 Jul 2015 19:48:17 +0000
For PCI compliance you have a few ways to address if a vendor is not or does not have to be compliant, but has access to CDE in your organization. Some options are to include them in your PCI assessment with their cooperation, segment your PCI CDE from OrgSync services, reevaluate if they have to be included, or simply don't use them if you are not willing to deal with or tolerate any risk.

My suggestion is to check with the vendor providing PCI compliance services for your University for guidance and suggestions, as they should understand your environment better.

Vel Pavlov | Sr. IT Security Analyst
M.Sc., CISSP, C|EH, C)PTE, Security+, Rapid7 CNA & MPCS, ITIL, A+
Ferris State University
Phone (231)-591-5613
For service requests, please contact the Technology Assistance Center (TAC) <http://www.ferris.edu/techsupport/>

This message contains information which may be confidential and privileged. Unless you are the intended addressee (or authorized to receive for the intended addressee), you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received the message in error, please contact the sender and delete the message.

On Jul 24, 2015, at 2:36 PM, Elizabeth Shannon <eshann () KSU EDU> wrote:

The Office of Student Life wants to use OrgSync so student organizations can accept payments via credit cards. Of course, OrgSync claims they do not have to comply with PCI 3.1 because they don't process credit cards. So does anyone use OrgSync with the payment gateway feature enabled or has explored this feature? Any information would be greatly appreciated.

----
Elizabeth Shannon
Kansas State University
Information Security and Privacy Manager
785.532.2540