To: University Business Managers
From: Dennis Press, University Controller
Stan Waddell, Executive Director & Information Security Officer, ITS
Date: March 10, 2011
The University’s credit card policies as well as Payment Card Industry Data Security Standards stipulate that everyone involved in the credit card environment is required to complete PCI training on an annual basis. Since credit card information is considered to be sensitive information, everyone involved in the credit card environment must also complete the ITS Security Awareness Training. These trainings apply not only to those who have access to full credit card numbers, but also to those who have access to truncated credit card numbers that can be found in credit card receipts, payment gateways, and merchant statements. These trainings also apply to IT support/ developers of applications and software that access or process credit card information or interface with credit card payment gateways.
In order to provide education and training about protecting payment card data with the PCI Data Security Standards, an online training portal has been developed with Vigitrust. A guide for registering and using the portal is available on the Finance Training web site. Two online training courses are now available. Please have all individuals in the credit card environment register through this link using their University email address. The course titled “PCI Comprehensive” should be completed by the following:
- The individual who completes the annual Self-Assessment Questionnaire.
- Individuals who are the IT support of payment applications and software.
- All CERTIFI (Compliant Electronic Receipt Transactions through Innovation and Financial Integrity) committee members.
Everyone else involved in the credit card environment is required to complete the course titled “PCI Basic.”
ITS Security Awareness Training is online.
It is the responsibility of the department’s Credit Card Merchant Contact to make sure that everyone involved in the credit card environment in their area completes the appropriate PCI training course and ITS Security Awareness Training in a timely manner. The deadline for completing the PCI training and ITS Security Awareness Training is May 31, 2011.
The CERTIFI Committee appreciates your support to complete this training program. If you have any questions, please email email@example.com.