Presentation is loading. Please wait.

Presentation is loading. Please wait.

PCard Sensitive and Protected Information Procedures

Published byLoren Beasley Modified over 6 years ago

Similar presentations

Presentation on theme: "PCard Sensitive and Protected Information Procedures"— Presentation transcript:

1 PCard Sensitive and Protected Information Procedures

2 Sensitive and Protected Information
HSC or Main Information Security Office Must review and approve any transaction where a vendor will access, modify, store or transmit Sensitive and Protected Information HIPAA FERPA (Student Grades and all personal information) PCI (Credit Card Number) SSN Direct Deposit Information; Student Loan Information; Banner ID

3 Sensitive and Protected Information
Examples of transactions that are flagged when security approval is not included with the PCard Log Cloud Services Conference Calling Online Data Storage Online Meetings (Webex) Transcription Services Web Hosting

4 HSC Security Office Complete the Preliminary Security Review Form and submit it to the HSC Information Security Office using the address below. Please indicate the nature of the information that the vendor will access, modify, store or transmit (i.e., confidential data or data subject to HIPAA, FERPA, PCI, or other security requirements). The HSC Information Security Office will assess the submitted information and advise you with regard to IT security requirements that apply. When the identified security requirements have been met the HSC Information Security Office will notify you along with the PCard Office of the outcome of the completed IT security review. UNM Health Sciences Center Information Security Office * Website: * HSC Information Security Office: * HSC ISO: Note: Purchases involving the sharing of UNM/HSC data with third parties may require an agreement, for example, a Data Use Agreement (DUA), to define responsibilities, allowed data uses and disposal of data at the end of the contract period. Purchases that require legal agreements are not supported using a PCard.

5 Main Security Office To request a review, open a Help.UNM service request Help.UNM -> Information Security and Account Access-> IT Security Compliance or Forensics Request Be sure to attach the completed Security Questionnaire for vendors to the service request, available from the link below: Login: \colleges\NetId Password: NetId Password Purchase requests involving third party/ vendor access to SSN also require the following form to be completed and attached to the request: Purchasing requests involving SPI must attach the approval of the appropriate data steward for any SPI to the service request. For Health Sciences Systems purchase requests, please be sure to indicate the nature of the sensitive information that will be shared with the third party. Healthcare/HIPAA related requests for the Health Sciences System are reviewed by the HSC Information Security Office. Please contact for more information, or see In addition, at the end of the contract period, vendors with access to private data must certify in writing that all confidential data was either returned to UNM in a form approved by UNM or that all confidential data was destroyed. For HSC requests, once a Security Review has been completed have the HSC Information Security Office reply to this with a copy of the completed Security Review. If all other Purchasing requirements have been met your request will be processed.

Download ppt "PCard Sensitive and Protected Information Procedures"

Similar presentations

Financial Services Workshop Margaret Umphrey ECU Information Security Officer March 12, 2014 1IT Security, East Carolina University.

Financial Services Workshop Margaret Umphrey ECU Information Security Officer March 12, IT Security, East Carolina University.
Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
An introduction to the State’s E-mail Encryption Service State of Minnesota Office of Enterprise Technology and Department of Human Services.

An introduction to the State’s Encryption Service State of Minnesota Office of Enterprise Technology and Department of Human Services.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
The Sports Authority Fundraising Sign-up Instructions.

The Sports Authority Fundraising Sign-up Instructions.
Information Privacy and Compliance Training For All Brigham Young University– Idaho Employees.

Information Privacy and Compliance Training For All Brigham Young University– Idaho Employees.
Navigating the trustkeeper.net Portal 2011 PCI:DSS Compliance Validation UCSF Controller’s Office.

Navigating the trustkeeper.net Portal 2011 PCI:DSS Compliance Validation UCSF Controller’s Office.
Information Security Awareness April 13, 2003. Motivation Recent federal and state regulations and guidance Recent federal and state regulations and guidance.

Information Security Awareness April 13, Motivation Recent federal and state regulations and guidance Recent federal and state regulations and guidance.
1 Goal is protection of sensitive data New Rice policy calls for protection of sensitive personally identifying information Confidential information includes:

1 Goal is protection of sensitive data New Rice policy calls for protection of sensitive personally identifying information Confidential information includes:
Motor Fuels IFTA/Intrastate E-File

Motor Fuels IFTA/Intrastate E-File
DACC Business Office Internal Procurement Card Process Scanning Requirements Are in Addition to the Current Internal Process Original Receipts and PCard.

DACC Business Office Internal Procurement Card Process Scanning Requirements Are in Addition to the Current Internal Process Original Receipts and PCard.
FINANCIAL INTERACTIONS UNIVERSITY HOSPITAL, SANDOVAL REGIONAL MEDICAL CENTER AND UNM MEDICAL GROUP Laura Putz, Associate Controller 4/24/14.

FINANCIAL INTERACTIONS UNIVERSITY HOSPITAL, SANDOVAL REGIONAL MEDICAL CENTER AND UNM MEDICAL GROUP Laura Putz, Associate Controller 4/24/14.
Fire Officer Strategy and Tactics (FOST) State Certification Practical Examination PART “A” May 2009.

Fire Officer Strategy and Tactics (FOST) State Certification Practical Examination PART “A” May 2009.
2015 ANNUAL TRAINING By: Denise Goff

2015 ANNUAL TRAINING By: Denise Goff
1 Welcome to GE! The attached presentation has been put together to assist you in completing your required I-9 form through the use of our I-9 wizard.

1 Welcome to GE! The attached presentation has been put together to assist you in completing your required I-9 form through the use of our I-9 wizard.
Registering for MasteringEngineering™ www.masteringengineering.com.

Registering for MasteringEngineering™
1 MyLicense Log in/Register Login to the MyLicense application with an existing User Account. OR Create a new User Account with the Register link at the.

1 MyLicense Log in/Register Login to the MyLicense application with an existing User Account. OR Create a new User Account with the Register link at the.
IT Websites What you’re expected to know…. Websites to be covered IThink.ou.edu pay.ou.edu it.ou.edu studentservices.ou.edu alerts.ou.edu support.ou.edu.

IT Websites What you’re expected to know…. Websites to be covered IThink.ou.edu pay.ou.edu it.ou.edu studentservices.ou.edu alerts.ou.edu support.ou.edu.
Procurement Card Presented By: Denise Matias, CAH February 1, 2012.

Procurement Card Presented By: Denise Matias, CAH February 1, 2012.
How Can NRCS Clients Use the Conservation Client Gateway

How Can NRCS Clients Use the Conservation Client Gateway

Similar presentations

Ads by Google