September 15, 2011
Consent Agenda Item #3a
UAM Revision

5,304 – Use of University Space by Non-University Organizations, Groups, and Individuals
5,309 – Fundraiser and Concert Policy

RATIONALE FOR CHANGE: Revisions were made as a result of an outside review and an internal audit to address issues with university groups hosting non-university events for non-university. Committee recommends combining policies for easier UAM navigation.

Use of University Space by Non-University Organizations, Groups, and Individuals 5,304
Revised: 3-31-98 August 2011

The University and its facilities are deemed to be a “non-public forum,” except for those specific areas identified as “public forums” in section 5,303. The University and its facilities shall be used only in accordance with federal, state, and local laws and shall not be used for the purpose of organizing or carrying out any unlawful activity. The University and its facilities are provided primarily for the support of the regular educational functions of the university and the activities necessary for the support of these functions which take precedence over any other activities.

All persons on university property are required to abide by university policies and regulations of the Board of Regents and shall identify themselves upon request to university officials or appropriate university employees acting in the performance of their duties.

Use of University Space by Non-University Organizations, Groups, and Individuals

Arrangements to use designated areas must be made in advance through the Scheduling Services Office and are subject to cancellation when in conflict with major university events. The fee structure is available from the Scheduling Services Office. A signed application must be on file in the Scheduling Services Office prior to the start of an event.

The University does not assume responsibility for licensing and taxes.
Both licensing and any applicable state or local taxes are the responsibility of the commercial enterprise utilizing university facilities.

Off-campus groups are prohibited from using campus software in centrally scheduled space; however they may utilize their own cord and laptop for use with a university video presenter.

Actions by non-university organizations, groups, and individuals shall be consistent with the maintenance of university facilities and the free flow of persons and shall not interfere with other scheduled activities. Interference with entrances to buildings, classrooms, offices or study areas is strictly prohibited.

Sponsored Use of Space by Non-University Organizations, Groups, and Individuals

An event is sponsored when there is a non-university group involved and the event is not directly related to the purpose or mission of the university, and/or if the proceeds are not kept on campus.

A university official who has authority to sign for funds for a university organization, department, unit, or division can act as a sponsor on the “official representative” on behalf of that the university group and is hereafter denoted as “official representative sponsoring the non-university group/event. An individual cannot act as a sponsor on his or her own behalf. Only an official representative of the university group, who has authority to sign for funds, can enter into a sponsorship arrangement. The official representative shall request the use of designated university space, exterior or interior, through the University’s Scheduling Services Office or the Joe Crowley Student Union (CSU) Scheduling Office.

When a university group sponsors an event on campus, fees shall apply and guidelines will be provided from the Scheduling Services Office the university group, in addition to the off-campus group or individual, shall be fiscally responsible for all expenses and fees that apply. Rates shall be at the appropriate non-profit or commercial rate.
Guidelines for Scheduling Services can be found at http://www.unr.edu/scheduling/ and for the CSU Office or http://www.unr.edu/studentunion/rooms/guidelines.html .

In order for the Scheduling Services Office these offices to review a request, an application form should must be completed and on file in the Scheduling Services Office appropriate scheduling office, with all necessary signature approvals, no less than 15 working days in advance of the requested date(s).

Department/unit sponsorship must be approved in writing by the department chairs/directors. Graduate student organizations must consult with the Graduate Student Association (GSA) advisor. University recognized undergraduate student groups must submit an application to the Associated Students of the University of Nevada’s (ASUN) Student Events Advisory Board (SEAB) where, if approved, the request will be forwarded to the Scheduling Services Office appropriate scheduling office for final approval. In order for the request to be reviewed by both bodies, an application form should be submitted no less than 30 working days in advance of the requested date(s).

University groups are limited to sponsoring two outside events per academic year. Written exceptions to this limit must be approved in advance by the Associate Vice President for Planning, Budget and Analysis for any centrally scheduled space or by the Associate Vice President of Student Life Services for events at the CSU.

All notices, advertisements, literature, or other communications for the event must clearly represent the event as being sponsored by the university group and include contact information. Posting guidelines can be found at http://www.unr.edu/scheduling/

All billing must go through the group’s university account. If the group does not have a university account, billing must go through the account of their department, ASUN or GSA. The IPO/Deposit is due within two weeks of the reservation being made.
If it is not received within two weeks the space may be released and the group may lose scheduling privileges and/or incur additional charges.

In addition to all expenses, the university group must pay a sponsoring fee. Fees can be found at the appropriate scheduling office website: http://www.unr.edu/scheduling/ for Scheduling Services and http://www.unr.edu/studentunion/rooms/guidelines.html for the CSU Office.

Responsibility

Program responsibility and liability for the event rests with the non-university organization, group, or individual being sponsored, the university sponsor and the official representative(s). The official representative(s) or the designee(s) from the sponsoring university group must be physically present at the event being sponsored for the duration of the event, including set-up and post-event clean-up. Both the official representative and the designee must be identified on the application form which will remain on file in the University Scheduling Services Office or CSU Scheduling Office.

Failure to comply with the guidelines will result in sanctions against loss of scheduling privileges for up to one year for the non-university organization, group, or individual being sponsored and the university sponsoring group with a loss of privilege to use university facilities for up to one year. Also, the non-university group will lose its campus sponsorship and will be charged as a corporation or a nonprofit.

Appeals of University Scheduling Services Office may be directed to the Associate Vice President for Planning, Budget and Analysis. Appeals of CSU Scheduling Office decisions may be directed to the Associate Vice President of Student Life Services.

Fundraiser and Concert Policy 5,309
Revised 3/31/98

University facilities are available for concerts and fundraisers on a space available basis. All expenses incurred in conjunction with fund raising events must be covered by revenues generated by the event.
Refer to section 1,600 of this manual for details on fund raising.

University. A university department may schedule appropriate concert facilities through the Scheduling Services Office with one of the following provisions:
1. Full costs will be assessed
2. All profits revert to the requesting department.

University Co-Sponsored: A university department may co-sponsor the concert and schedule facilities through the Scheduling Services Office with the following provisions:
1. Full Costs will be assessed
2. 12% of gross revenues will be charged with 50% to the co-sponsoring department and 50% to the Scheduling Services Office.

Non-University: a non-university organization may schedule the appropriate facilities through the Scheduling Services Office.

Fundraising and Concerts

University facilities are available for concerts and fundraisers on a space available basis. All expenses incurred in conjunction with fundraising events must be covered by the sponsoring campus organization. Refer to section 1,600 of this manual for details on fundraising. Advanced deposits covering all expenses are required from the group hosting the event.

University Event: A university department may schedule appropriate facilities through the University Scheduling Services Office or the CSU Scheduling Office with the following provisions:
1. Full costs will be assessed.
2. All profits revert to the requesting department

University Co-Sponsored Event: A university department may co-sponsor an event and schedule facilities through the University Scheduling Services Office or the CSU Scheduling Office. In addition to all expenses, the university group must pay a sponsoring fee.

Non-University Event: A non-university organization may schedule the appropriate facilities through the University Scheduling Services Office or the CSU Scheduling Office. All expenses must be paid in advance.
Fees can be found at the appropriate scheduling office website: http://www.unr.edu/scheduling/ for University Scheduling Services and http://www.unr.edu/studentunion/rooms/guidelines.html for the CSU Office.

1,030 – Payment Card Industry Compliance Policy

RATIONALE FOR CHANGE: The current credit card security standards and procedures for the University were not addressed in the UAM.

Payment Card Industry Compliance Policy 1,030
Revised: August 2011

The Payment Card Industry Data Security Standard (PCI-DSS) Program is a mandated set of security standards that were created by the major credit card companies to offer merchants and service providers a complete, unified approach to safeguarding cardholder data for all credit card brands.

The PCI-DSS requirements apply to all payment card network members, merchants and service providers that store, process or transmit cardholder data. The requirements apply to all methods of credit card processing; the most comprehensive and demanding of which apply to e-commerce websites and retail POS systems that process credit cards over the Internet.

For more information about this standard visit the official website at: https://www.pcisecuritystandards.org. The university’s policy can be viewed at https://security.unr.edu/Document/rd/UNR-ISPP.

All employees, contractors, vendors and third-parties that use, maintain or handle UNR information assets must follow this policy. The university is committed to these security policies to protect information utilized by the campus in attaining its business goals.

Responsibilities of Campus Departments

Credit card data is confidential information and access to this data should be limited and granted only on a business need to know basis. This access should be terminated whenever an employee changes job duties or terminates employment.

Campus departments are responsible for ensuring that reference checks are done on all classified and professional employees hired.
Campus departments are also responsible for requesting that Human Resources conduct background checks including pre‐employment, criminal, and credit history on all potential employees who will have access to systems, networks, or data that contain credit card information. Cashiers who process transactions with the cardholder present are not required to have the additional background checks. If a new hire or new transfer will have access to hard copy credit card data or a newly hired IT person has access to systems, networks or data, the additional background checks need to be requested by the department.

The Purchasing Department ensures third parties, with whom cardholder data is shared, are contractually required to adhere to the PCI‐DSS requirements and to acknowledge they are responsible for the security of the cardholder data which they process.

The Controller’s Office verifies that all employees responsible for processing credit card payments complete a security awareness training upon hire and at least annually. The on-line training link can be viewed at https://security.unr.edu/Home/Training. If training is not completed, then the department’s merchant number will be deactivated.

PCI requirements for credit card receipts

All departments that accept payment via credit card must be aware of and follow the university’s information security policy by completing the university’s online PCI training annually.

Departments may receive credit card numbers by phone, fax or mail. Credit card data may not be kept in any electronic format unless the format and method of storage has prior approval from the UNR Network Security Department. Credit card numbers may be stored on a hard copy which is kept in a locked, secure location with limited access.

Credit card numbers may not be received via email as this is not a secure transmission method. If an email is received do not process the payment.
Respond to the sender that the payment cannot be processed through an email request. Make sure the credit card number does not appear in your response. Immediately delete the original email containing the credit card number.

Departments must obtain written permission from the Controller’s Office to use their own credit card imprint machine. For temporary use of a credit card imprint machine, contact the Controller’s Office.

Credit card data is sensitive and confidential and should only be retained in a locked, secure location as required for business purposes and must be shredded after 120 days. When credit card data is no longer needed or after 120 days, whichever comes first, the data must be destroyed using an approved method such as sanitizing, incinerating, pulverizing or shredding. The Network Security Department can provide assistance with data destruction if needed.

Web sites or web applications

Before a web site or web application may be established to accept credit card payments, the department must obtain approval in writing from the Network Security Department. Once Network Security agrees with the proposed web application, the department may obtain a new merchant ID number by contacting the Controller. The Controller will obtain a merchant ID number from Wells Fargo and give it to the department to be used for testing the web application. Once the department has the application set up, they must obtain final approval from the Network Security Department before they may put the web application into production. The Network Security Department will notify the Controller in writing that the application is PCI compliant.
Destruction of credit card numbers in copiers, scanners and printers

Before a computer or any type of communications equipment (photocopy machines, scanners, and printers with hard drives) can be sent to a vendor for trade-in, servicing, surplus or disposal, all confidential or sensitive information must be destroyed or removed according to approved removal methods such as sanitizing, incinerating, pulverizing or shredding.

Retention of credit card documents for audit, investigation or litigation

If your department is involved in an audit, investigation, or litigation, all destruction of records in your custody must cease. When you are notified that the audit, investigation or litigation has ended or been resolved, you may destroy documents according to this policy.