PCard Sensitive and Protected Information Procedures


Sensitive and Protected Information

The HSC or Main Information Security Office must review and approve any transaction where a vendor will access, modify, store or transmit Sensitive and Protected Information:

* HIPAA
* FERPA (Student Grades and all personal information)
* PCI (Credit Card Number)
* SSN
* Direct Deposit Information; Student Loan Information; Banner ID

Sensitive and Protected Information

Examples of transactions that are flagged when security approval is not included with the PCard Log:

* Cloud Services
* Conference Calling
* Online Data Storage
* Online Meetings (Webex)
* Transcription Services
* Web Hosting

HSC Security Office

Complete the Preliminary Security Review Form and submit it to the HSC Information Security Office using the email address below. Please indicate the nature of the information that the vendor will access, modify, store or transmit (i.e., confidential data or data subject to HIPAA, FERPA, PCI, or other security requirements).

The HSC Information Security Office will assess the submitted information and advise you with regard to IT security requirements that apply. When the identified security requirements have been met, the HSC Information Security Office will notify you, along with the PCard Office, of the outcome of the completed IT security review.

UNM Health Sciences Center Information Security Office

* Website: http://hscsecurity.unm.edu
* HSC Information Security Office: HSC-ISO@salud.unm.edu
* HSC ISO: bmetzner@salud.unm.edu

Note: Purchases involving the sharing of UNM/HSC data with third parties may require an agreement, for example, a Data Use Agreement (DUA), to define responsibilities, allowed data uses and disposal of data at the end of the contract period. Purchases that require legal agreements are not supported using a PCard.

Main Security Office

To request a review, open a Help.UNM service request:

Help.UNM -> Information Security and Account Access -> IT Security Compliance or Forensics Request

Be sure to attach the completed Security Questionnaire for vendors to the service request, available from the link below:

Login: \colleges\NetId
Password: NetId Password
https://collaborate.unm.edu/teamsites/infosec/Shared%20with%20Everyone/Preliminary%20Security%20Questionnaire.docx

Purchase requests involving third party/vendor access to SSN also require the following form to be completed and attached to the request:

https://collaborate.unm.edu/teamsites/infosec/Shared%20with%20Everyone/UNM%20Vendor%20Security%20Questionnaire.docx

Purchasing requests involving SPI must attach the approval of the appropriate data steward for any SPI to the service request.

For Health Sciences Systems purchase requests, please be sure to indicate the nature of the sensitive information that will be shared with the third party. Healthcare/HIPAA related requests for the Health Sciences System are reviewed by the HSC Information Security Office. Please contact HSC-ISO@salud.unm.edu for more information, or see http://hscsecurity.unm.edu

In addition, at the end of the contract period, vendors with access to private data must certify in writing that all confidential data was either returned to UNM in a form approved by UNM or that all confidential data was destroyed.

For HSC requests, once a Security Review has been completed, have the HSC Information Security Office reply to this email with a copy of the completed Security Review. If all other Purchasing requirements have been met, your request will be processed.