Effective Date: August 31, 2009
Latest Revision: March 28, 2017
This policy establishes the requirements for the acceptance and processing of credit card payments and for the protection of CardholderData in accordance with the Payment Card IndustryData Security Standards (PCI DSS).
Reasons for the Policy
The reason for this policy is to set the standard for protecting Cardholder Data supplied to the University or any Third Party Service Provider acting on behalf of the University.
Primary Guidance to Which This Policy Responds
This policy responds to the applicable PCI DSS requirements and University policies relevant to the protection of Cardholder Data. This policy does not supersede any Card Brand rules or federal or state law.
Responsible University Office
The Office of the Treasurer
This policy was established in August 2009.
Revision(s): July 9, 2012; August 28, 2013; October 31, 2016
Latest revision: March 28, 2017
Who is Governed by this Policy
All internal University personnel who handle Cardholder Data or can impact the security of the CU Merchant’s Cardholder Data Environment are governed by this policy.
Who Should Know This Policy
All University personnel and any Third Party Service Provider acting on behalf of the University who handle Cardholder Data or can impact the security of the CU Merchant’s Cardholder Data Environment should know this policy.
Exclusions and Special Situations
To see the full text of this policy, please use the link on the right.