PCI Project Team Charter

Background

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that store, process or transmit cardholder data (CHD) in any format (e.g. electronic, paper-based, etc.). This standard was created to help entities increase the overall security of CHD and reduce credit card fraud resulting from its exposure. The PCI DSS comprises 12 requirements that specify the framework for secure payment environments.

Longwood University will undertake steps to ensure the University is compliant with the PCI DSS by developing and implementing a service offering that includes the technology, training, policies, procedures, processes and support to achieve compliance and mitigate risks, as outlined in the PCI DSS Compliance Roadmap Report.

The PCI Project Team is a cross-organizational working group of University representatives who are involved in the handling of CHD. This team will discuss findings and develop strategies to ensure that PCI DSS requirements are met.

Purpose

The PCI Project Team will assist the University in becoming compliant with the PCI DSS and in reducing the scope of items that need to be compliant with the PCI DSS, by implementing the changes set forth by the strategic direction of the University.

Functions

  • Meet regularly to address issues and findings.
  • Develop strategies for remediation of non-compliant items.
  • Monitor, support and follow up with merchant areas to ensure any and all corrective actions are applied.
  • Report any feedback, concerns and proposals from the merchant areas to the project team.
  • Assist merchants in completing their annual Self-Assessment Questionnaires (SAQ).
  • Champion PCI DSS compliance across the University.

Structure

  • Brent Hobby, Security Advisor – CampusGuard
  • Kirsten Bowen, Bursar
  • Jason Tinsley, Information Security Officer
  • Aneicia Stimpson, Associate Vice President of Information Technology Services
  • David Overstreet, Internal Audit Director (non-voting member)

Operation

The PCI Project Team will meet regularly to discuss and act upon areas of non-compliance at the University. The team's direction will be based on consensus, incorporating the requirement to be compliant with the PCI DSS. If consensus cannot be reached, the Chair will seek resolution with the PCI DSS Compliance Project Sponsor (Vice President for Administration and Finance).

The PCI Project Team will remain in place for the duration of the PCI DSS Compliance Project.