Policies and Procedures

Board By Law:   
Policy Number:  3.7001
Subject Area:  Business Services and Finances 
Approved Date:  12/18/2017

Kaskaskia College is committed to the safeguarding and protection of cardholder information of students, parents, donors, alumni, customers, and any individual or entity that utilizes a credit card to transact business with Kaskaskia College.  The College also seeks to limit unnecessary reputational risk and liability that may result from handling credit cards.  The College places priority on remaining in compliance with the complete Payment Card Industry Data Security Standards requirements as established and revised by the PCI Security Standards Council and assigns the necessary resources to this effort.  The standards apply to all organizations that store, process, or transmit cardholder data.

The Payment Card Industry Data Security Standards include technical and operational requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures to prevent credit card fraud, hacking, and various other security vulnerabilities and threats.

The Payment Card Industry Compliance Officer is responsible for the coordination and oversight of Payment Card Industry compliance and will rely on the Information Technology department for technical guidance.  Procedures will be established and maintained regarding general requirements for handling cardholder data, storage and disposal of data, third-party vendor agreements, self-assessment, employee training, and reporting a suspected breach.  All departments that collect, maintain, or have access to credit card information must comply with established procedures.

Approval History:  Replaces Payment Card Industry Data Security Standards BF-6 approved December 18, 2017