PCI Policy and Procedure
Payment Card Industry Policies, Procedures, and Standards
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies that process, store or transmit payment card information maintain a secure environment. The Payment Card Industry Security Standards Council (PCI SSC) was created in September 2006 by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB) to manage the evolution of the Payment Card Industry (PCI) security standards, with a focus on improving payment account security throughout the transaction process. The PCI DSS is administered by the PCI SSC.
University of South Alabama Compliance Statement
USA adheres to the highest standards related to the security of cardholder data and must follow the guidelines set by the PCI DSS. Compliance with this policy is mandatory for all USA faculty, staff, students, merchants, departments, organizations, third-party vendors, individuals, systems, and networks that are involved in accepting, processing, transmitting, storing, or disposing of cardholder data, or that have access to it. Adherence to this policy will help ensure that cardholder data is protected and kept secure from unauthorized access.
A copy of this policy must be read and signed annually by all individuals involved in the payment card process. Signed copies of this policy will be maintained by the respective departments and USA’s PCI Coordinator.
Complete Policies, Procedures, and Standards Lists
7. USA PCI - Data Control and Access Control Policy
8. USA PCI - Data Retention and Disposal Policy
13. USA PCI - Media Destruction Policy
14. USA PCI - Media Device Protection Policy
15. USA PCI - Media Storage and Classification Policy
17. USA PCI - Online Payment Card Policy
18. USA PCI - PAN Masking Policy
19. USA PCI - Payment Systems and Vendor Evaluations Policy
20. USA PCI - PCI DSS Awareness Training Policy
21. USA PCI - PCI Workstation and Laptop Usage Policy
23. USA PCI - Physical Security Policy
29. USA PCI - Security Patch Management Policy
2. USA PCI - Authentication Methods Policy
3. USA PCI - Change Control Policy
4. USA PCI - Configuration Standards for System Components Policy
5. USA PCI - Custom Application Code Audit Policy
6. USA PCI - Database Access and Configuration Policy
9. USA PCI - Default Settings Policy
10. USA PCI - DMZ Configuration and Internet Access to the Cardholder Data Environment Policy
11. USA PCI - Firewall and Router Configurations Policy
12. USA PCI - Firewall Requirements Policy
16. USA PCI - Non-Console Administrative Access Policy
22. USA PCI - Personal Firewall Policy
24. USA PCI - Point to Point Encryption Policy
25. USA PCI - Secure Coding Guidelines and Training Policy
26. USA PCI - Secure Audit Trails Policy
27. USA PCI - Secure Protocols for CHD Transmission Policy
28. USA PCI - Secure Logs and Events Policy
30. USA PCI - Sensitive Authentication and Data Storage Policy