Business Office – Chris Gardner, Chief Financial Officer
Information Technology Services – Fred Miller, Chief Information Officer
Last Revised: 06/11/2019
Title: PCI Committee policy
Applicable: Wofford CollegeStaff and Faculty)
Contacts: IT Help Center ext. 4357
Background: The Payment Card Industry Data Security Standard (PCI-DSS) is a set of requirements for the secure handling and processing of credit card transactions. PCI-DSS compliance is an ongoing effort that comprises the paper and data processes integrated into daily operating procedures. Failure to comply with PCI-DSS requirements places Wofford information at risk and could result in fines. The PCI-DSS is one of the most demanding security standards. Lessons learned from PCI-DSS compliance benefit the College’s risk management for all information security.
Policy: The PCI Committee functions as an administrative oversight group to ensure that Wofford systems and processes comply with the requirements of the PCI-DSS security standards. The PCI committee will implement payment acceptance as required by PCI-DSS including policies, procedures, training, technology, and payment gateway(s). The committee will decide on any requests for exceptions to the Payment Card Security Policy.
Guidelines
1. Members of the PCI Committee are expected to meet regularly. The Director of Business Services and Risk Management and the Chief Information Officer serve as co-chairs for the committee and establishes the agenda for committee meetings.
2. Membership of the PCI Committee is to consist of:
a. Director of Business Services and Risk Management (co-chair)
b. Chief Information Officer (co-chair)
c. Director of Networks
d. Director of Information Management
e. Security Coordinator/Server Manager
f. One representatives designated by the Chief Financial Officer.
g. One representative designated by the Senior Vice President for Advancement
h. One representative designated by the Director of Athletics
3. The Committee co-chairs may invite additional members of the campus community to committee meetings to address specific matters related to meeting agenda items.