[Madlug] PCI Dss
jiml at mail.slh.wisc.edu
Sat Dec 12 21:55:01 CST 2009
> Do any of you have to deal with PCI standards? (credit card processing
> security standards).
> We are getting beaten up by our credit card processor to prove our
You can get hit with PCI-DSS even if you aren't doing credit cards, as it
is becoming the not-so-stealthy legal standard of due care, and at
UW-Madison it is required for all "restricted" category data (covered by
HIPAA, the WI identity theft statute, ...).
It can be onerous; American Family is rumored to have invested 5-10 M$
and about 600 man-years in their compliance work. As an insurance
company, financial integrity is a strategic necessity.
If you want to go local, I think Berbee/CDW might be able to audit,
though I don't know if they are certified. Definitely start with
the self assessment questionnaire, including the auditing guidelines,
which add a lot of useful detail.
-- Jim Leinweber
State Laboratory of Hygiene, University of Wisconsin - Madison
<jiml at slh.wisc.edu> 2810 Walton Commons West; phone +1 608 221 6281
PGP fp: 2E36 47BC DB03 57CE 86AD 19CC 41A1 9179 5C6B C8B9