About: The PCI Committee is an oversight committee responsible for ensuring university compliance with the Payment Card Industry Data Security Standards (PCI DSS). In addition, the committee assists in reducing the scope of items needed for PCI DSS compliance by implementing changes set forth by the strategic direction of the university. Specific responsibilities include:
- Maintaining policy and the training for PCI DSS compliance.
- Reviewing proposed software solutions and related procedures for PCI DSS Compliance.
- Onboarding new merchants.
- Advising merchants on policies and procedures, as needed.
- Reviewing related policies and procedures annually.
- Conducting periodic audits of merchant payment card processing.
Committee Membership: The PCI Committee is a standing committee composed of members from Financial Operations, Information Technology, Internal Audit, Procurement, and a merchant representative. The committee is co-chaired by Financial Operations and Information Technology. Contact the committee at PCI@wm.edu. The PCI Committee reports directly to a team of Executive Sponsors.
- Financial Operations - Bursar Office, Co-Chair
- McCormack-Nagelsen Tennis Center, W&M Merchant Representative
- Information Technology, Co-Chair
Committee Role: The PCI Committee will provide both decision-making and advisory roles in the execution of its charge.
Initial Charge and Responsibilities
1) Decision-Making Role
- Develop, modify, or append Payment Card policies and procedures for the university.
- Establish training guidelines for working within the payment card solutions and PCI DSS, and identify delivery methods.
- Business Processes
  - Review all applications to become a credit card merchant and make decisions on usage and content, including merchandise.
  - Review business contracts where payment processing is included and make determinations for inclusion in existing payment solutions.
  - Determine whether any business process change recommendations need to be reviewed for consideration.
- Communications concerning Committee decisions/recommendations
  - Communicate to requesters.
  - Communicate to community/users.
- Business Solution
  - Provide advice to requesters on how various payment card solutions can work for their business area.
  - Provide training on PCI Compliance.
- Quality Assurance
  - Provide advice about methods to measure systems quality and usage.
- Assistant Vice President, Financial Operations/University Controller
- Director, Internal Audit
- Chief Information Security Officer
Role: The Executive Sponsors will provide oversight and support to ensure compliance is met. Specific responsibilities include:
- Review and monitor compliance milestones, quarterly.
- Review and render decisions on e-commerce and compliance issues submitted by the PCI Committee, as needed.