PCI Compliance Policy

PURPOSE:

Jefferson Community College will adhere to the Payment Card Industry Data Security Standard (PCI DSS) version 1.1, and future versions, which is a set of comprehensive requirements for credit card account data security, developed by a council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc., to help facilitate the broad adoption of consistent data security measures on a global basis.

STATEMENT OF POLICY:

1. The PCI DSS security standard includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
   
   
2. PCI Data Security rules change over time. Version 1.1 was adopted in October 2006. This policy pertains to version 1.1 as well as any future versions. Future rules will be using a "Do NOT Store" model, and, therefore, our general security recommendations to units are that they do NOT store ANY sensitive Cardholder Data.
   
   
3. The Jefferson Community College Finance and IT department works with departments that accept, process, store, and transmit credit card data to ensure that all merchant IDs at JCC are in compliance with PCI DSS. PCI standards apply to all types of payments, including in-person, mail, telephone, and Web transactions. JCC is committed to maintaining the security of customer information, including payment cardholder number; name, expiration date, and verification number, and follows best practices for protecting payment card information.
   
   
4. The Board of Trustees hereby authorizes the President, or his/her designee, to develop and establish appropriate standards and procedures to implement and enforce this policy.

Adopted:
June 2012, Res. 128-12