Governance and Compliance Requirements for Payment Card Activities

The University is committed to protecting cardholder data from loss or compromise. Consistent with that commitment, the University requires adherence to the Payment Card Industry Data Security Standards (PCI-DSS). In addition to protecting cardholder data, adherence to PCI-DSS reduces the likelihood of fines, penalties, and reputational damage to the University associated with data breaches.The University’s adherence to the PCI-DSS is a contractual requirement. This policy identifies the administrative offices responsible for establishing business processes for University units that process, store, or transmit cardholder data. Cardholder data are “highly sensitive data” subject to the security requirements of University policy and must be protected in accordance with all related University policies, standards, and procedures in addition to the PCI-DSS.[Note: The aligned policy for the Medical Center is