In response to increasing International, Federal, and State regulations as well as contractual agreements defining data security, the Compliance team engages elements of Information Technology Services and the Office of the Corporate Controller to assess units’ ability to achieve control requirements of University policy, contractual agreements, or legislation relative to protected data. The Compliance team also facilitates validating controls with external authority when required.
The Payment Card Industry Data Security Standard (PCI DSS)
The Payment Card Industry Data Security Standard (PCI DSS) applies to the areas of Penn State where credit cards are accepted for payment. The DSS is an external business agreement for protecting credit card data and is composed of 12 base requirements.
To help units fulfill these requirements, the compliance team will:
- Assist units to educate credit card merchant staff and raise awareness of security practices.
- Perform annual assessments and penetration tests of merchant environments.
- Perform quarterly vulnerability assessments internally and oversee external vulnerability assessment.
- Assist units with annual compliance validation documentation.
- Assist with implementation of new or changing payment services.
- Lead credit card data breach incident response.