Partner Responsibilities
Responsibilities of the E-commerce Committee
The E-commerce Committee is comprised of the Office of the Comptroller and Information Technology staff representing administrative and functional governance for the security, maintenance and accounting of e-commerce for the Lawrence campus and all reporting units. The committee is chaired by the Assistant Comptroller, Comptroller’s Office – Financial Accounting & Cash Control and co-chaired by the Associate Director, Information Technology – Client Development and Application Services.
- Review and approve or decline each department requesting to establish e-commerce.
- Assist departments in identifying viable e-commerce options for securing and processing payment transactions.
- Review and discuss contractual language, inclusions or exclusions, related to e-commerce with General Counsel, Procurement Services and related departments.
- Facilitate new contractual relationships with e-commerce related suppliers.
- Facilitate startup activities to initiate e-commerce operations as needed.
- Maintain e-commerce operations and troubleshoot issues.
- Track and facilitate training on PCI Compliance.
- Review e-commerce policy annually, updating as needed.
- Suspend or revoke any given card processing operation determined to be non-compliant. Manage each e-commerce breach or non-compliance issues. Assess and determine if department, related applications, servers, network, equipment and contractual obligations satisfactorily meet standards. Assess and determine when a department may resume e-commerce operations.
- Communicate all breach or non-compliance issues and recommendation of release to resume e-commerce operations to the Chief Financial Officer & Vice Provost for Finance and the Chief Information Officer.
- Serve as a liaison with suppliers contracted to provide e-commerce related services to the University within the KU network, such as TouchNet UCommerce.
- Identify and assess compliance with industry best practices and PCI-DSS requirements.
- Investigate suspected policy and security breaches and coordinate the response.
Responsibilities of Information Technology
KU IT Security Office and KU IT Client Development and Applications Services represent Information Technology on the E-commerce Committee. These units primarily engage in network security and enterprise development.
- Serve as a liaison with suppliers contracted to provide e-commerce related services to the University that reside on the KU network, such as TouchNet UCommerce.
- Provide administrative and functional oversight and support of system activity. All University servers that have been approved for this activity must be housed in Information Technology and administered in accordance with the PCI-DSS. All supplier approved servers must comply with PCI-DSS and provide documentation regarding said compliance.
- Provide a central secure infrastructure, computing systems, and networks for the purpose of transacting electronic payments, as required for compliance with industry regulations.
- Establish and maintain security standards for handling and transmitting e-commerce data. Review and approve or decline proposed systems that process and handle payment card transactions. Secure verification of PCI compliance for any application, equipment, device or system proposed for purchase or contractual agreement.
- Provide clear documentation and guidance in utilizing the IT e-commerce infrastructure in engaging in e-commerce transactions.
- Assess and manage PCI compliance and complete all requirements set forth in accordance with guidelines established by PCI SSC. Monitor University systems and networks for non-compliant operations. Arrange for required assessment by a Qualified Security Advisor (QSA) and an Accredited Scanning Vendor (ASV). Facilitate PCI compliance audit, inquiries and submission of related documentation. Manage resolution of any system issues/concerns discovered.
- Facilitate PCI Compliance training.
Responsibilities of the Office of the Comptroller
- Financial Accounting & Cash Control represents the Comptroller’s Office on the E-commerce Committee. This unit primarily engages in accounting and functional oversight for e-commerce.
- Request merchant numbers from processor and arrange banking, and/or other financial services to facilitate settlement.
- Facilitate credit card terminal requests, gateway set-up and administrative and functional access.
- Monitor timeliness of departmental deposits and reconcile settlement of credit card activity with the bank.
- Monitor the use of credit card transactions for compliance with this policy and other University policies, state/federal regulations and contracts with financial institutions.
- Perform an annual review of all merchants to ensure compliance.
- Educate merchants on use of application, equipment, accounting processes, industry best practices and changes within the credit card industry.
- Facilitate PCI Compliance training.