PCI Compliance Policy
PURPOSE:
Jefferson Community College will adhere to the Payment Card Industry Data Security Standard (PCI DSS) version 1.1, and future versions, which is a set of comprehensive requirements for credit card account data security, developed by a council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc., to help facilitate the broad adoption of consistent data security measures on a global basis.
STATEMENT OF POLICY:
- The PCI DSS security standard includes requirements for security management, policies,
procedures, network architecture, software design and other critical protective measures.
This comprehensive standard is intended to help organizations proactively protect
customer account data.
- PCI Data Security rules change over time. Version 1.1 was adopted in October 2006.
This policy pertains to version 1.1 as well as any future versions. Future rules will
be using a "Do NOT Store" model, and, therefore, our general security recommendations
to units are that they do NOT store ANY sensitive Cardholder Data.
- The Jefferson Community College Finance and IT department works with departments that
accept, process, store, and transmit credit card data to ensure that all merchant
IDs at JCC are in compliance with PCI DSS. PCI standards apply to all types of payments,
including in-person, mail, telephone, and Web transactions. JCC is committed to maintaining
the security of customer information, including payment cardholder number; name, expiration
date, and verification number, and follows best practices for protecting payment card
information.
- The Board of Trustees hereby authorizes the President, or his/her designee, to develop and establish appropriate standards and procedures to implement and enforce this policy.
PCI Compliance
Resolution 128-12