Implementing MA 201 CMR 17.00 in a cultural institution… Richard Snow Director of Information Technology Mount Auburn Cemetery

Mount Auburn Cemetery
National Historic Landmark
Founded ,000 visitors annually
175 acres of green space
Botanical garden, over 5,000 trees
650 burials annually
Still selling new burial space

Business Drivers
Sales
Fundraising
Administrative
–Personal information on file
–Credit card data on file
–What other exposures would we find?

Mount Auburn Cemetery
People
–51 full-time, 11 part-time, and 29 seasonal employees, ~50 volunteers…
–WIDE range of computer skills
Computer Environment
–70 Win XP workstations
–16 servers (12 are VMs)

Two big challenges
PCI DSS v1.2
–Credit card acquirers charge $20/mo for non-compliance
–Started impacting us in June
201 CMR
–Originally due for implementation Jan 1, 2009
–Went into effect March 1, 2010
Could not do it ourselves
–Got funding approval in an off year to bring in a consultant (unbudgeted)

RFP
RFP to three vendors
–Had certification in PCI DSS
–Were more or less willing to take on a combined engagement
–But who has expertise in a moving target?
Included SystemExperts after an SC online presentation.

Deliverables
Gap analysis of multiple requirements
Policy workshop
External scan
–In addition to those provided by CC acquirers
Internal scan
Policy review of initial policies

A big staff effort
Writing all those policies
Procedural changes
–Physical security, information handling, passwords
–System configuration
Mandatory annual staff training

Compliance
201 CMR – February, 2010
PCI DSS v1.2 – September, 2010

To Do List
Increased documentation and daily work
–New deadlines to meet (patching, etc.)
–Unanticipated benefits
Policies still under revision
Enforcement
Perpetual training
–PowerPoint + WINK = video on SharePoint

Lessons Learned
Anticipate and budget for compliance
–Both your time and dollars
Don’t expect someone to write your policies for you
Online compliance sites for MA 201 CMR at the low end
–But does the customer understand what they are getting?

References
Mount Auburn Cemetery – Rich Snow – See Wikipedia for references and overview
201 CMR
PCI DSS Compliance checklist
Statute
SystemExperts