Presentation is loading. Please wait.

Presentation is loading. Please wait.

Implementing MA 201 CMR 17.00 in a cultural institution… Richard Snow Director of Information Technology Mount Auburn Cemetery

Published byDaniel Chase Modified over 9 years ago

Similar presentations

Presentation on theme: "Implementing MA 201 CMR 17.00 in a cultural institution… Richard Snow Director of Information Technology Mount Auburn Cemetery"— Presentation transcript:

1 Implementing MA 201 CMR 17.00 in a cultural institution… Richard Snow Director of Information Technology Mount Auburn Cemetery rsnow@mountauburn.org

2 Mount Auburn Cemetery National Historic Landmark Founded 1831 200,000 visitors annually 175 acres of green space Botanical garden, over 5,000 trees 650 Burials annually Still selling new burial space

3 Business Drivers Sales Fundraising Administrative –Personal Information on file –Credit card data on file –What other exposures would we find?

4 Mount Auburn Cemetery People –51 full-time, 11 part-time, and 29 seasonal employees, ~50 volunteers… –WIDE range of computer skills Computer Environment –70 Win XP Workstations –16 servers (12 are VMs)

5 Two big challenges PCI DSS v1.2 –Credit card acquirers charge $20/mo for non compliance –Started impacting us in June, 2010 201 CMR 17.00 –Originally due for implementation Jan 1, 2009 –Went into effect March 1, 2010 Could not do it ourselves –Got funding approval in an off year to bring in consultant (unbudgeted)

6 RFP RFP to three vendors –Had certification in PCI DSS –Were more or less willing to take on a combined engagement –But who has expertise in a moving target? Included SystemExperts after an SC online presentation.

7 Deliverables Gap analysis of multiple requirements Policy workshop External scan –In addition to those provided by CC Acquirers Internal scan Policy review of initial policies

8 A big staff effort Writing all those policies Procedural Changes –Physical Security, Information Handling, Passwords –System configuration Mandatory annual staff training

9 Compliance 201 CMR 17.00 – February, 2010 PCI DSS v 1.2 – September, 2010

10 To Do List Increased documentation and daily work –New deadlines to meet (patching, etc.) –Unanticipated benefits Policies still under revision Enforcement Perpetual training –PowerPoint + WINK = Video on SharePoint

11 Lessons Learned Anticipate and budget for compliance –Both your time and dollars Don’t expect someone to write your policies for you Online compliance sites for MA 201 CMR 17.00 at the low end –But does the customer understand what they are getting?

12 References Mount Auburn Cemetery –www.mountauburn.orgwww.mountauburn.org Rich Snow – rsnow@mountauburn.orgrsnow@mountauburn.org See Wikipedia for references and overview 201 CMR 17.00 PCI DSS www.mass.gov Compliance checklist Statute SystemExperts www.systemexperts.comwww.systemexperts.com

Download ppt "Implementing MA 201 CMR 17.00 in a cultural institution… Richard Snow Director of Information Technology Mount Auburn Cemetery"

Similar presentations

Data Security Best Practices for Non-Profits & Foundations © 2010 Museum of Fine Arts, Boston John C. Newman Highland Street Foundation Breakfast Seminar.

Data Security Best Practices for Non-Profits & Foundations © 2010 Museum of Fine Arts, Boston John C. Newman Highland Street Foundation Breakfast Seminar.
NACUA Fall 2009 Workshop Creating Effective Compliance Programs at Smaller Institutions or on a Limited Budget: Models and Procedures November 11, 2009.

NACUA Fall 2009 Workshop Creating Effective Compliance Programs at Smaller Institutions or on a Limited Budget: Models and Procedures November 11, 2009.
Dr. Cath Jones and Alice Lau Putting Assessment at the Heart of Learning – The Story at The University of Glamorgan.

Dr. Cath Jones and Alice Lau Putting Assessment at the Heart of Learning – The Story at The University of Glamorgan.
Dr. Julian Lo Consulting Director ITIL v3 Expert

Dr. Julian Lo Consulting Director ITIL v3 Expert
Property of the University of Notre Dame Navigating the Regulatory Maze: Notre Dame’s PCI DSS Solution EDUCAUSE Midwest Regional Conference March 17, 2008.

Property of the University of Notre Dame Navigating the Regulatory Maze: Notre Dame’s PCI DSS Solution EDUCAUSE Midwest Regional Conference March 17, 2008.
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.
UNC Charlotte Purchasing Card Training for Auditor Role Annette Heller.

UNC Charlotte Purchasing Card Training for Auditor Role Annette Heller.
GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Payment Processing Online and Within Dynamics GP PCI Compliance and Secure Payment Processing.

GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Payment Processing Online and Within Dynamics GP PCI Compliance and Secure Payment Processing.
BEN University Network Technology Proposal. Campus Wide Policies Password polices student/faculty IT Admin accounts Administrative access Hardware Access.

BEN University Network Technology Proposal. Campus Wide Policies Password polices student/faculty IT Admin accounts Administrative access Hardware Access.
Center for Health Care Quality Licensing & Certification Program Evaluation 1 August 2014 rev.

Center for Health Care Quality Licensing & Certification Program Evaluation 1 August 2014 rev.
TRANSFORMATION SPECIFIC REFERENCE TODEVELOPMENT SKILLS DEVELOPMENT STRATEGY IN TERMS OF THE FRAMEWORK AGREEMENT: TRANSFORMATION AND RESTRUCTURING OF.

TRANSFORMATION SPECIFIC REFERENCE TODEVELOPMENT SKILLS DEVELOPMENT STRATEGY IN TERMS OF THE FRAMEWORK AGREEMENT: TRANSFORMATION AND RESTRUCTURING OF.
5 th AMICAL Conference 25 – 28 May 2008 Blagoevgrad, Bulgaria Open Source Applications at AUCA Learning, Teaching and Collaboration.

5 th AMICAL Conference 25 – 28 May 2008 Blagoevgrad, Bulgaria Open Source Applications at AUCA Learning, Teaching and Collaboration.
ISO 14001 Environmental Management System JVC Registration Overview.

ISO Environmental Management System JVC Registration Overview.
Web Advisory Committee June 17, 2009.  Implementing E-commerce at UW  Current Status and Future Plans  PCI Data Security Standard  Questions.

Web Advisory Committee June 17,  Implementing E-commerce at UW  Current Status and Future Plans  PCI Data Security Standard  Questions.
Web accessibility update Presented to Web Advisory March 20, 2013 Jonathan Woodcock.

Web accessibility update Presented to Web Advisory March 20, 2013 Jonathan Woodcock.
What is a résumé? Get noticed in a competitive job market Amanda Collins, Chief of Staff, The Grammar Doctors.

What is a résumé? Get noticed in a competitive job market Amanda Collins, Chief of Staff, The Grammar Doctors.
Making Debt Sales a Part of Your Recovery Strategy Cynthia M. Henry, MBA Director, Collections Division Orlando Utilities Commission Utility Payment Conference.

Making Debt Sales a Part of Your Recovery Strategy Cynthia M. Henry, MBA Director, Collections Division Orlando Utilities Commission Utility Payment Conference.
Financial Resource Management Recommended Best Practices Training for Volunteers and Support Groups.

Financial Resource Management Recommended Best Practices Training for Volunteers and Support Groups.
Date goes here PCI COMPLIANCE: What’s All the Fuss? Mark Banbury Vice President and CIO, Plan Canada.

Date goes here PCI COMPLIANCE: What’s All the Fuss? Mark Banbury Vice President and CIO, Plan Canada.
Security Squad Keeping your Equipment and Information Safe Security Squad Keeping your Equipment and Information Safe Security Squad Video Series, Part.

Security Squad Keeping your Equipment and Information Safe Security Squad Keeping your Equipment and Information Safe Security Squad Video Series, Part.

Similar presentations

Ads by Google