The Associate Vice-President (AVP) Financial Resources and Chief Information Officer (CIO) have overall authority to ensure PCI DSS compliance at the University of Ottawa.

Overall authority

The Associate Vice-President, Financial Resources and Chief Information Officer (CIO) have delegated authority to their respective designees. One such designee is the PCI DSS Committee. The PCI DSS Committee is mandated to meet every quarter.

PCI DSS Committee

Membership

| PCI committee member | Role | Voting member |
| --- | --- | --- |
| Associate Vice-President, Financial Resources | Co-Chair | Yes |
| Director, Financial Accounting | NA | No |
| Chief Information Officer | Co-Chair | Yes |
| Senior Director, IT Solutions | NA | No |
| Director, Internal Audit | NA | Yes |
| Analyst, PCI DSS Compliance | Secretary | No |

The PCI DSS Committee is a cross-organizational governance body that ensures that the University remains compliant with the Payment Card Industry Data Security Standard (PCI DSS).

  • Develop and maintain policies, procedures, and standards for University payment card merchants and monitor their compliance with these standards.   
  • Review the results of the annual payment card compliance process.    
  • Review a payment card acceptance policy exemption when needed.    
  • Act as a forum to keep track of communications made between the various stakeholders.   
  • Along with the Access to Information and Privacy Office (AIPO), coordinate the University’s response to any suspected data incidents that involve credit card information.