31. PCI DSS Awareness Training Policy

Overview

In accordance with Payment Card Industry Data Security Standards (PCI DSS) requirements, Stanford University has established a formal policy and supporting procedures for PCI DSS awareness training. This policy is to be implemented immediately. It will be evaluated annually to ensure its adequacy and relevance to Stanford University’s needs and goals.

Policy

Stanford University has implemented a formal security awareness program to make all personnel aware of the cardholder data security policy and procedures.

  • 31.1 All personnel whose responsibilities involve payment card processing, transmission or storage are required by PCI DSS to enroll in and complete the training on an annual basis.
  • 31.2 For newly required personnel in the merchant departments, the Merchant Services team shall notify the PCI Compliance team for initial enrollment.
  • 31.3 Once a person is enrolled in the PCI DSS Training, the centralized training system will automatically send out notifications on an annual basis for training certification and subsequent recertification.
  • 31.4 If a person is no longer required to take the PCI DSS Training due to job changes, a notification with the manager’s approval or Merchant Services’ approval must be sent to the PCI Compliance team for de-enrollment.

Responsibility for Policy Maintenance

UIT’s PCI Compliance service is responsible for ensuring that the aforementioned policy is kept current as needed for purposes of compliance with the Payment Card Industry Data Security Standards (PCI DSS) initiatives.