Educause Security Discussion mailing list archives

Re: PCI Responsability

From: Rob Milman <rob.milman () SAIT CA>
Date: Fri, 6 Apr 2018 19:50:18 +0000

Hi Ron,

Finance is accountable for PCI compliance, however it is joint effort between IT and Finance. Primary reason is because 
Finance owns the relationship with our payment provider and is ultimately responsible for any and all payment handling 
policies and processes.

IT has contracted a third party QSA to oversee the compliance project.

Thanks,

Rob Milman

[cid:image004.png@01D18F19.9217E950]

Rob Milman
Associate Director, Information Security
Information Systems

Southern Alberta Institute of Technology
EH Crandell Building, GA 214
1301 – 16 Avenue NW, Calgary AB, T2M 0L4

(Office) 403.774.5401  (Cell) 403.606.3173
rob.milman () sait ca<mailto:rob.milman () sait ca>





From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ronald 
King
Sent: Friday, April 6, 2018 9:18 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] PCI Responsability

Good morning colleagues,

I wanted to reach out to you to ask what division or department in your institution is ultimately accountable for PCI 
compliance. Is it your IT, Finance or another department/division? Why?

Do you have a dedicated employee, contractor or team overseeing compliance to PCI?

As always, feel free to reach me directly.

Thank you and have a great weekend!
Ron
Ronald A. King, CISSP
Chief Information Security Officer
Morgan State University                                                                                               
Office:  (443) 885-3372
1700 E. Cold Spring Ln.                                                                                   Email:    
ronald.king () morgan edu<mailto:ronald.king () morgan edu>
Baltimore, MD 21251                                                                                      URL:       
http://www.morgan.edu

                                                Growing the future ... Leading the 
world<http://www.morgan.edu/Documents/ABOUT/StrategicPlan/StrategicPlan2011-21_Final.pdf>

Current thread:

Re: PCI Responsability, (continued)
- Re: PCI Responsability Pardonek, Jim (Apr 06)
  - Re: PCI Responsability Sunil Singh (Apr 06)
    - Re: PCI Responsability Nevin, Dave (Apr 06)
    - Re: PCI Responsability Jason Edelstein (Apr 06)
    - Re: PCI Responsability Ben Marsden (Apr 06)
    - Re: PCI Responsability Josh Callahan (Apr 06)
- Re: PCI Responsability Ken Connelly (Apr 06)
  - Re: PCI Responsability Lazarus, Carolann (Apr 06)
    - Security Onion - IDS build Sunil Singh (Apr 07)
- Re: PCI Responsability Laura Raderman (Apr 06)
- Re: PCI Responsability Rob Milman (Apr 06)
- Re: PCI Responsability Penn, Blake C (Apr 09)
  - Re: PCI Responsability Dennis Bolton (Apr 09)
    - Re: PCI Responsability Ronald King (Apr 13)
- Re: PCI Responsability Carlos S Lobato (Apr 06)
  - Re: PCI Responsability Ronald King (Apr 06)