The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that store, process or transmit cardholder data (CHD) in any format (e.g. electronic or paper-based). This standard was created to help entities increase the overall security of CHD and reduce credit card fraud resulting from its exposure. The PCI DSS comprises 12 requirements that specify the framework for secure payment environments.
Longwood University will undertake steps to ensure the University is compliant with the PCI DSS by developing and implementing a service offering that includes the technology, training, policies, procedures, processes and support to achieve compliance and mitigate risks, as outlined in the PCI DSS Compliance Roadmap Report.
The PCI Project Team is a cross-organizational working group of representatives from the University who interact with the handling of CHD. This team will discuss findings and develop strategies that will ensure PCI DSS requirements are met.
The PCI Project Team will assist the University in becoming compliant with the PCI DSS and in reducing the scope of items that will need to be compliant with the PCI DSS by implementing the changes set forth by the strategic direction of the University.
The PCI Project Team will meet regularly to discuss and act upon areas of non-compliance at the University. Direction will be based on consensus, incorporating the requirement to be compliant with the PCI DSS. If consensus cannot be reached, the Chair will seek resolution with the PCI DSS Compliance Project Sponsor (Vice President for Administration and Finance).
The PCI Project Team will remain in place for the duration of the PCI DSS Compliance Project.