Educause Security Discussion
mailing list archives
Re: PCI Compliance Policies
From: "Jones, Dan" <Dan.Jones () UMASSMED EDU>
Date: Thu, 19 Jul 2007 14:41:44 -0400
Here is the compliance timeline:

By September 30, 2007 - Provide the name of the chosen Approved Scanning

By December 31, 2007 - Provide the signed Prohibited Data Retention
Attestation Form and provide the first quarterly scan results. (NOTE:
In order to avoid potential fines, the Attestation must confirm that
there is NO evidence of prohibited data storage subsequent to

By March 31, 2008 - Provide the initial Self Assessment Questionnaire.

By June 30, 2008 - Provide a passing Self Assessment Questionnaire and
passing vulnerability scan results confirming that your organization is
PCI compliant. An executive level officer of your organization must
also sign the attached Confirmation of Report Accuracy and include it
with the passing Self Assessment Questionnaire.

From: Roger Safian [mailto:r-safian () NORTHWESTERN EDU]
Sent: Thursday, July 19, 2007 1:20 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] PCI Compliance Policies

At 12:14 PM 7/19/2007, Theresa M Rowe put fingers to keyboard and wrote:

Is ANYONE going to be compliant by the September deadline?? Did you
consultant to get there?

What is the September deadline? I thought compliance was supposed to

FWIW, we're still working on compliance...it's pretty time consuming.

Roger A. Safian
r-safian () northwestern edu (email) public key available on many key
(847) 491-4058 (voice)
(847) 467-6500 (Fax) "You're never too old to have a great childhood!"