PCI-DSS Security Policy

This policy sets out the requirements for protecting the security of all credit and debit card payments received and processed by the University, which are governed by the Payment Card Industry Data Security Standard (PCI-DSS) (the Standard).

Compliance with the Standard is mandatory for any company or organisation which stores, processes, or transmits payment cardholder data. Failure to comply with these requirements could result in the University being fined and no longer permitted to process card payments.

The policy applies to staff associated with the Cardholder Data Environment (CDE)[1] including anyone who even on a temporary basis processes card payments.

Related downloads