Areas of responsibility defined across College in connection with PCI DSS:
- Treasury
  - Determine and advise on appropriate procedures to ensure compliance
  - Manage internal communication on what is required for compliance and the implications of not being compliant (including a training scheme for relevant staff)
  - Maintain list of current suppliers (stakeholders)
- ICT
  - Ensure IT systems, processes and infrastructure are compliant with PCI DSS
  - Responsible for IT infrastructure and policies
  - Make recommendations on improvements in security and implement necessary changes
  - Notify key contacts within College of any changes in requirements
  - Annual review of how secure relevant IT systems are
- HR
  - Assist in the definition of roles and responsibilities
  - Define compliance rules and regulations, ensure they are presented within staff contracts, and keep them maintained
  - Define action to be taken for non-compliance
- Legal Services
  - Keep informed of developments in regulatory requirements related to PCI DSS
  - Data Protection Officer advises on best practice for retaining personal data
- Processing departments (e.g. Alumni Office, Catering & Library Services)
  - Develop procedures based on guidance provided by Treasury
  - Identify key contact within department who will liaise with PCI Compliance Officer
- PCI DSS Committee
  - Ensure policy is maintained and up to date
  - Prepare response to annual Self-Assessment Questionnaire
  - Review list of key contacts to ensure coverage is complete
- PCI Compliance Officer
  - Maintain log of breaches and report breaches to Chief Financial Officer
  - Report to PCI Compliance Committee on outcomes of annual tests
  - Sign the completed annual Self-Assessment Questionnaire and return to card acquirers
- Internal Audit
  - Review processes and procedures on site visit