Penn State University | Information Privacy and Security

home | phase i | phase i focus
Phase I Focus

Phase I will focus on PCI DSS compliance for all PSU areas processing credit cards. Certain high-risk environments with other personally identifiable information storage will also be reviewed in Phase I.

This will require significant departmental commitment of staff time and departmental budget allocations to determine the current state of your area's data security and subsequent actions to correct any defi ciencies. Ongoing obligations to maintain compliance will need to be planned and implemented. Project Plan Summary, Phase I.

Who this Affects

Phase I affects anyone working in a Card Processing Environment (CPE). This includes credit card merchants, staff processing, transmitting or storing cardholder information and database and/or techincal administrators who administer the equipment where the data resides, processes or transmits.

Staff working in the CPE must meet the annual and ongoing security requirements as outlined in the PCI DSS. This includes but is not limited to annual training, the completion of the Self Assessment Questionnaire and using best practices when handling cardholder data.


...home PHASE I PCI DSS FAQs Fact Sheet Best Practices Supporting Tools PSU Policies Links of Interest Educational Offerings	home \| phase i \| phase i focus Phase I Focus Phase I will focus on PCI DSS compliance for all PSU areas processing credit cards. Certain high-risk environments with other personally identifiable information storage will also be reviewed in Phase I. This will require significant departmental commitment of staff time and departmental budget allocations to determine the current state of your area's data security and subsequent actions to correct any defi ciencies. Ongoing obligations to maintain compliance will need to be planned and implemented. Project Plan Summary, Phase I. Who this Affects Phase I affects anyone working in a Card Processing Environment (CPE). This includes credit card merchants, staff processing, transmitting or storing cardholder information and database and/or techincal administrators who administer the equipment where the data resides, processes or transmits. Staff working in the CPE must meet the annual and ongoing security requirements as outlined in the PCI DSS. This includes but is not limited to annual training, the completion of the Self Assessment Questionnaire and using best practices when handling cardholder data.
Site Index \| Privacy and Legal Statements \| Copyright 2007 The Pennsylvania State University \| Contact Us