Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: RuffaloCODY Fundraising Management question
From: Walter Petruska <wpetruska () USFCA EDU>
Date: Fri, 21 Jun 2013 16:45:54 -0400

Thanks, Jon.

I've received many replies which lead me to believe that we've had
near-universal experiences leaving us wishing for a better standard
services agreement from RuffaloCODY.

We're on negotiated version 3, which (surprise surprise) finally nails down
language over who is responsible for what- and what the delineation is
between PCI scopes between RC and USF.

As a way of asking what you ended up with- do you have a picture/drawing or
verbal description over what components, systems and people are in PCI
scope to which party?


On Thu, Jun 20, 2013 at 1:39 PM, Allen, Jon D. <Jon_Allen () baylor edu> wrote:

We went through a long process on this one. I am happy to talk.

Thanks,

_________________________________
Jon Allen, CISSP, EnCE
Assistant Vice President &
Chief Information Security Officer
254.710.4793<tel:254.710.4793>

[Description: Description: bearawarefinal]
        www.baylor.edu/bearaware<http://www.baylor.edu/bearaware>

On Jun 20, 2013, at 11:20 AM, "Coffman, Tobiah" <tcoffman () BSU EDU<mailto:
tcoffman () BSU EDU>> wrote:

Walter,

We have RuffaloCODY on our campus.  I have somewhat limited knowledge of
the setup, but I can answer what I know and try to get answers for anything
else.

-Tobey Coffman, CISSP
Director of Information Security
Ball State University

From: The EDUCAUSE Security Constituent Group Listserv [mailto:
SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Walter Petruska
Sent: Wednesday, June 19, 2013 3:07 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] RuffaloCODY Fundraising Management question

Could any of you who have RuffaloCODY as a service provider, operating ON
your campus (and therefore within your facilities/on your network, etc.)
please contact me directly (off-list) for a brief discussion.

The topic is past performance, and specifically, PCI-compliance and where
to draw the contract and technology and organizational lines to maintain
compliance of each party (RuffaloCODY & your institution)
Thanks much-

--
Walter Petruska CISSP, CISA, CGEIT
Information Security Officer
infosec.usfca.edu<http://infosec.usfca.edu>

[http://www.usfca.edu/images/usflogo_tag_180.png]

University of San Francisco
Lone Mountain North - 2nd Floor
2130 Fulton Street
San Francisco, CA 94117
ITS Help Desk, Phone: 415-422-6668




-- 
*Walter Petruska CISSP, CISA, CGEIT*
*Information Security Officer*
infosec.usfca.edu



*University of San Francisco*
Lone Mountain North - 2nd Floor
2130 Fulton Street
San Francisco, CA 94117
*ITS Help Desk*, Phone: 415-422-6668

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault