Policies and Procedures

Policy Number:  3.7001
Subject Area:  Business Services and Finances 
Adopted: 12/18/2017
Revised: 03/25/2024

Kaskaskia College is committed to the safeguarding and protection of cardholder information of students, parents, donors, alumni, customers, and any individual or entity that utilizes a credit or debit card to transact business with Kaskaskia College. The College also seeks to limit unnecessary reputational risk and liability that may result from handling credit and debit cards. The College places priority on remaining in compliance with the complete Payment Card Industry Data Security Standards requirements as established and revised by the PCI Security Standards Council and assigns the necessary resources to this effort. The standards apply to all organizations that store, process, or transmit cardholder data. 

The Payment Card Industry Data Security Standards include technical and operational requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures to prevent credit and debit card fraud, hacking, and various other security vulnerabilities and threats.

The Payment Card Industry Compliance Officer is responsible for the coordination and oversight of Payment Card Industry compliance and will rely on the Information Technology department for technical guidance. Procedures will be established and maintained regarding general requirements for handling cardholder data, storage and disposal of data, third-party vendor agreements, self-assessment, employee training, and reporting a suspected breach. All departments that collect, maintain, or have access to credit and debit card information must comply with established procedures.

Approval History:  Replaces Payment Card Industry Data Security Standards BF-6 approved December 18, 2017; Revised March 25, 2024.