The Associate Vice-President, Financial Resources and Chief Information Office (CIO) have delegated authority to their respective designees. One such designee is the PCI DSS Committee. The PCI DSS Committee is mandated to meet every quarter.
PCI DSS Governance
The Associate Vice-President (AVP) Financial Resources and Chief Information Officer (CIO) have overall authority to ensure PCI DSS compliance at the University of Ottawa.
Overall authority
PCI DSS Committee
Membership
|
PCI committee member |
Role |
Voting member |
|---|---|---|
|
Associate Vice-President, Financial Resources |
Co-Chair |
Yes |
|
Director, Financial Accounting |
NA |
No |
|
Chief Information Officer |
Co-Chair |
Yes |
|
Senior Director, IT Solutions |
NA |
No |
|
Director, Internal Audit |
NA |
Yes |
|
Analyst, PCI DSS Compliance |
Secretary |
No |
Mandate
The PCI DSS Committee is a cross-organizational governance body that ensures that the University remains compliant with the Payment Card Industry Data Security Standard (PCI DSS).
Duties and responsibilities
- Develop and maintain policies, procedures, and standards for University payment card merchants and monitor their compliance with these standards.
- Review the results of the annual payment card compliance process.
- Review a payment card acceptance policy exemption when needed.
- Act as a forum to keep track of communications made between the various stakeholders.
- Along with the Access to Information and Privacy Office (AIPO), coordinate the University’s response to any suspected data incidents that involve credit card information.