PCI 3.0

REQUEST FOR CWU PM SERVICES FOR PCI V3.1 PROJECT
TABLE OF CONTENTS
EXECUTIVE SUMMARY (p. 2)
1. Problem Definition (p. 2)
2. Addressing Problem with CWU existing tools and products (i.e. PeopleSoft) (p. 3)
3. Organizational Impact (p. 3)
4. Benefits (p. 4)
5. Strategic Alignment (p. 4)
6. Cost (p. 4)
7. Alternatives (add lines as necessary) (p. 4)
8. Timing / Schedule (add lines as necessary) (p. 5)
9. Technology Migration/Resource Identification (p. 5)
10. Product Life/Application Sunsetting or Decommissioning (p. 5)
11. References (p. 6)
12. Approvals (p. 6)
EXECUTIVE SUMMARY
Any organization that collects or processes payment card information (credit cards) must
comply with the Payment Card Industry Data Security Standard (PCI DSS). This standard is a
sweeping set of policy and infrastructure requirements for organizations that take credit
card payments. CWU must scope and assess its compliance with the data security
standard and take steps to remediate any outstanding requirements. This business case
requests that a Project Manager from the CWU Project Management Office manage the
PCI DSS 3.1 project.
CWU successfully achieved PCI DSS 2.0 compliance in the past year. Compliance with the PCI
DSS means that our systems are secure, and customers can trust CWU with their sensitive
payment information. This achievement demonstrates that CWU places a high value on
security and is following an industry standard that has been developed thoroughly and
comprehensively.
Sponsoring Department(s): Finance & Business Auxiliaries & Security Services
Date of Business Case Preparation: 4/30/2015
Contact Person Name/Phone:
Joel Klucking, AVP Finance & Business Auxiliaries, 963-1167
Jamie Schademan, IS Security Manager, 963-2951
New Product/Service/Standard – If there is a draft or sample contract, please provide a copy.
Renewal of Existing Product/Service – if checked, include background information. If there is a site license agreement, existing contract or new contract draft, please provide a copy.
1. Problem Definition
As stated above, any organization that collects or processes payment card
information (credit cards) must comply with the Payment Card Industry Data
Security Standard (PCI DSS). CWU is working towards the 3.1 standard and
recognizes the complexity of such an effort and the need for enterprise-level
coordination and communication. This business case requests Project
Management resources to manage scope, schedule and communications for the
PCI DSS 3.1 project.
2. Addressing Problem with CWU existing tools and products (i.e. PeopleSoft)
As previously stated, CWU achieved PCI DSS 2.0 compliance in the past year. The
project to gain compliance with the 2.0 standard involved the efforts of multiple
stakeholders and team members from across campus. It also revealed the need for
a Project Manager to manage such a large-scale project. CWU will realize the
benefits of Project Management involvement through assistance with keeping the
project on schedule and in scope and with managing competing priorities.
Existing services are provided by CampusGuard, an outside vendor, which assists with
PCI DSS compliance through an onsite readiness assessment, vulnerability scans,
and consultations.
3. Organizational Impact
The PCI DSS 3.1 project requires time and effort from the stakeholders throughout
its duration. Having a Project Manager organize meetings, manage the scope and
schedule, and facilitate communications will help to lower the impact the project
will have on stakeholders' schedules.
Stakeholders:
- IS Information Security Services
- IS Networks & Operations
- IS Client & Auxiliary Technology Services
- IS Enterprise Applications
- Business and Financial Affairs
- Merchants:
  o Breeze Thru Café
  o Catering
  o Conference Center
  o Connection Card
  o Controller's Office
  o Copy Cat Shop
  o CWU Center Lynnwood
  o CWU Des Moines
  o Dining Services CWU
  o Foundation/Alumni
  o Outdoor Pursuits
  o Parking
  o Recreation Service Center
  o Surplus Sales
  o Wildcat Shop
  o Wildcat Shop Online
  o Wildcat Tickets

Potential Partners/Primary Users:
CWU has a contract with CampusGuard to provide a PCI audit, readiness
review, vulnerability scanning and a customer compliance portal. They will
be working with the project team throughout the project.

RFP Requirements Contributors (add lines as necessary) – This section may
or may not be required
Department | Name
Not required
4. Benefits
The PCI DSS 3.1 project would benefit from the services and involvement of a
dedicated Project Manager (PM), whose efforts would keep the project on schedule
and in scope and assist in managing competing priorities. The management services
of a PM will also lessen the overall impact on stakeholders' schedules and help
ensure the project's success.
5. Strategic Alignment
5 Resource Development and Stewardship.
5.1 Maximize the financial resources to the university, and assure the efficient
and effective operations of the university through financial stewardship.
5.4 Provide the facility and technology infrastructure and services appropriate to
meet the university objectives, while maximizing sustainability and
stewardship.
5.4.2 Provide facility and technology infrastructures that are accessible, safe,
and secure for all visitors, students, faculty and staff.
6. Cost
The time and commitment from CWU staff is the only budgeted cost to this project.
7. Alternatives (add lines as necessary)
Alternative | Reasons For Not Selecting Alternative
Do nothing | Not an option if we accept credit card payments at CWU
No project management | Risk of scope creep; increased risk of schedule overrun
8. Timing / Schedule (add lines as necessary)
Task | Target Date
CampusGuard | 7/8/2015
Merchant Reports Completed | 9/2015
Completion of CampusGuard Recommendations | 10/2015
Completion of Internal Sign Off on PCI 3.1 Standard | 11/2015
Closing Project Documentation | 12/2015
9. Technology Migration/Resource Identification
None required
Resource | Hours by month (columns Jan through Dec; eight monthly values recorded per row)
Project Manager | 60, 60, 60, 60, 60, 60, 60, 60
Security Services (2 staff) | 120, 120, 120, 120, 120, 120, 120, 120
IS N&O (5 staff) | 40, 40, 40, 40, 40, 40, 40, 40
IS Aux (3 staff) | 40, 40, 40, 40, 40, 40, 40, 40
Merchants (15, time per merchant) | 7, 7, 7, 7, 7, 7, 7, 7
BFA (Sponsor) | 4, 4, 4, 4, 4, 4, 5, 5
Total Hours |
10. Product Life/Application Sunsetting or Decommissioning
None
11. References
None provided
12. Approvals
The following actions have been taken by the appropriate Sub-Council (ATAC or Non-Academic Sub-Council) and Enterprise Information System Committee (EISC):
Date | Action | By
5/4/2015 | Business Case Approved | EISC
Upon secured funding and approval by the Enterprise Information System Committee (EISC),
Enterprise Facilities Committee, or one of the two Sub-Councils (Academic or Non-Academic),
CWU procurement policies and procedures should be used to initiate a purchase. Please
contact the Purchasing office at x1001 with any questions regarding the procurement process.
If you have any questions, please contact Ginger McIntosh 963-1466, Sue Noce 963-2927 or
Tina Short 963-2910.