Areas of responsibility defined across College in connection with PCI DSS:

  • Treasury
    • Determine and advise on appropriate procedures to ensure compliance
    • Manage internal communication on what is required for compliance and the implication of not being compliant (including training scheme for relevant staff)
    • Maintain list of current suppliers (stakeholders)
  • ICT
    • Ensure IT systems, processes and infrastructure are compliant with PCI DSS
    • Responsible for IT infrastructure and policies
      • Make recommendations on improvements in security and implement necessary changes
      • Notify key contacts within College of any changes in requirements
    • Annual review of how secure relevant IT systems are
  • HR
    • Assist in the definition of roles and responsibilities
    • Define compliance rules and regulations, ensure they are included in staff contracts, and keep them maintained
    • Define action to be taken for non-compliance
  • Legal Services
    • Keep informed of developments in regulatory requirements related to PCI DSS
    • Data Protection Officer advises on best practice for retaining personal data
  • Processing departments (e.g. Alumni Office, Catering & Library Services)
    • Develop procedures based on guidance provided by Treasury
    • Identify key contact within department who will liaise with PCI Compliance Officer
  • PCI DSS Committee
    • Ensure policy is maintained and up to date
    • Prepare response to annual Self-Assessment Questionnaire
    • Review list of key contacts to ensure coverage is complete
  • PCI Compliance Officer
    • Maintain log of breaches and report breaches to Chief Financial Officer
    • Report to PCI Compliance Committee on outcomes of annual tests
    • Sign the completed annual Self-Assessment Questionnaire and return to card acquirers
  • Internal Audit
    • Review processes and procedures on site visit