High-level documents that detail a series of actions to achieve the desired end result
- Internal Security and Responsibility Matrix — The Internal Security and Responsibility Matrix RACI chart documents the compliance responsibilities of campus departments as they relate to overall PCI compliance.
Step-by-step documents that provide a specified way of completing a process or activity
- Cardholder Data Collection/Processing Procedures — The University collects cardholder data for the exclusive purpose of processing card transactions, and procedures must be followed for the collection, processing, and disposal of cardholder data.
- Cardholder Data Retention Procedures — ISU does not have a legal, regulatory, or business need to store cardholder data after transactions complete. All cardholder data in ISU possession is deleted immediately after processing.
- PCI-Compliant Password Procedures — The Payment Card Industry requires specific password and remote access procedures.
- Physical Device Inspection Procedures — Procedures must exist to maintain an inventory of, and physically inspect, PCI-compliant devices.
Requirements-based documents that define mandatory controls for people and systems
- Payment Card Industry Data Security Standard (PCI DSS) — PCI Security Standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data.