Close menu Resources for... William & Mary
W&M menu close William & Mary

PCI Committee

About:  The PCI Committee is an oversight committee responsible for ensuring university compliance with the Payment Card Industry Data Security Standards (PCI DSS). In addition, the committee assists in reducing the scope of items needed for PCI DSS compliance by implementing changes set forth by the strategic direction of the university. Specific responsibilities include:

  • Maintaining policy and the training for PCI DSS compliance.
  • Reviewing proposed software solutions and related procedures for PCI DSS Compliance.
  • Onboarding new merchants.
  • Advising merchants on policies and procedures, as needed.
  • Reviewing related policies and procedures annually.
  • Conducting periodic audits of merchant payment card processing.

Committee Membership:  The PCI Committee is a standing committee comprised of members from Financial Operations, Information Technology, Internal Audit, Procurement and a merchant representative.  The committee is co-chaired by Financial Operations and Information Technology. Email at  The PCI Committee reports directly to a team of Executive Sponsors.

Committee Members:

Kelly Johnson Financial Operations - Bursar Office, Co-Chair
Ghanna Smith Financial Operations
Denise Peterson Internal Audit
Mike Caboy McCormack-Nagelsen Tennis Center, W&M Merchant Representative
Rebecca Kinkead Procurement
Bonnie Fleming Information Technology, Co-Chair
Matt Keel Information Technology
Catherine Freiling Information Technology

Committee Role:  The PCI Committee will provide both decision-making and advisory roles in the execution of its charge. 

Initial Charge and Responsibilities

1) Decision-Making Role

  •  Policies/Guidelines
    • Develop, modify, or append Payment Card policies & procedures for the university.
    • Establish training guidelines for working within the payment card solutions and PCI DSS and identify delivery methods.
  • Business Processes
    • Review all applications to become a credit card merchant and make decisions on usage and content including merchandise.
    • Review business contracts where payment processing is included and make determinations for inclusion in existing payment solutions.
    • Determine whether any business process change recommendations need to be reviewed for consideration.
  • Communications concerning Committee decisions/recommendations
    • Communicate to requesters.
    • Communicate to community/users.
2) Advisory Role
  • Business Solution
    • Provide advice to requestors on how various payment card solutions can work for their business area.
    • Provide training on PCI Compliance.
  • Quality Assurance
    • Provide advice about methods to measure systems quality and usage.

Executive Sponsors:

Melanie O'Dell Assistant Vice President, Financial Operations/University Controller
Kent Erdahl Director, Internal Audit
Pete Kellogg Chief Information Security Officer
Marra Austin Director, Procurement

Role:  The Executive Sponsors will provide oversight and support to ensure compliance is met.  Specific responsibilities include:

  • Review and monitor compliance milestones, quarterly.
  • Review and render decisions on e-commerce and compliance issues submitted by the PCI Committee, as needed.