Educause Security Discussion mailing list archives
Re: PCI Compliance Efforts
From: John Ladwig <John.Ladwig () CSU MNSCU EDU>
Date: Fri, 14 Oct 2011 17:35:13 -0500
I'm interested in why you speak of PCI compliance in the past tense; do you mean the effort of initially achieving compliance? If so, how's the ongoing compliance and self-assessment going? Several reports suggest that even Level one merchants face a backsliding tendency between ROC events. We have a boatload of Level four merchants, and pretty much all are struggling with first-compliance. -jml -----Original Message----- From: Radford, Jennifer Sent: 2011-10-14 16:54:07 To: Radford, Jennifer;The EDUCAUSE Security Constituent Group Listserv Cc: Subject: Re: [SECURITY] PCI Compliance Efforts Hi Felecia, I was thinking along the lines of whether people are actually fully compliant (overall for all merchants, i.e. for the institution), or (hopefully) substantially there. We are a level 4 merchant with a mixture of SAQ A, B, C, and D levels and it was quite an effort to address PCI compliance requirements so I am just wondering how PCI was for the rest of the Higher ed world. Cheers, Jen From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Felecia Vlahos Sent: Friday, October 14, 2011 2:49 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] PCI Compliance Efforts Jennifer, Can you describe what you mean by "compliance efforts"? 1) Using a QSA, which ASV, project tools? Or 2) merchant level, #MIDs, submitted attestations, compliance status, etc.? For the set of questions in 2), this would be considered protected information, especially in a combined database. Felecia Vlahos ISO SDSU On Fri, 14 Oct 2011 14:08:35 -0700, Radford, Jennifer <jradford () intaudit ubc ca<mailto:jradford () intaudit ubc ca>> wrote: Hi, I am trying to benchmark PCI compliance efforts across north American Higher Ed Institutions. I would be grateful if people could share their insights in this area. Cheers, Jenny Jennifer Radford, Senior IT Audit Manager Internal Audit, UBC 6000 Iona Drive, Vancouver, BC Canada V6T 1L4 Phone: 604-822-6512 Fax: 604-822-9027 E-mail: Jradford () intaudit ubc ca<mailto:Jradford () intaudit ubc ca> Web: www.intaudit.ubc.ca<http://www.intaudit.ubc.ca> The information contained in this e-mail message is strictly confidential and intended solely for the use of the designated addressee(s). Any unauthorized viewing, disclosure, copying or distribution of this e-mail is prohibited and may be unlawful. If you have received this e-mail in error, please do not read it, reply to the sender immediately to inform us that you are not the intended recipient, and delete the e-mail from your computer system. Thank you.
Current thread:
- PCI Compliance Efforts Radford, Jennifer (Oct 14)
- Re: PCI Compliance Efforts Felecia Vlahos (Oct 14)
- Re: PCI Compliance Efforts Radford, Jennifer (Oct 14)
- Re: PCI Compliance Efforts Felecia Vlahos (Oct 14)
- Re: PCI Compliance Efforts Radford, Jennifer (Oct 14)
- Re: PCI Compliance Efforts Hugh Burley (Oct 21)
- <Possible follow-ups>
- Re: PCI Compliance Efforts John Ladwig (Oct 14)
- Re: PCI Compliance Efforts Radford, Jennifer (Oct 14)
- Re: PCI Compliance Efforts Felecia Vlahos (Oct 14)