Darn tooting, Victor!
Yes - the entire institution must be PCI compliant - although there are
degrees of compliance (meaning what you can or cannot do in a particular
department).
I don't think you can self-certify. You need to use a qualified security
assessor. But I bet your IT Director already uses one of those:
https://www.pcisecuritystandards.org/pci_security/how
John
John H. Taylor
Principal, John H. Taylor Consulting
2604 Sevier St.
Durham, NC 27705
johntaylorconsulting@gmail.com
919.816.5903 (cell/text)
Serving the Advancement Community Since 1987
On Wed, May 29, 2019 at 4:11 PM Victor Nuovo <vnuovo@nmhschool.org> wrote:
> Can your IT department support you in this, since the whole institution
> needs to be PCI compliant, not just Advancement?
>
> Victor
>
> On Wed, May 29, 2019 at 2:32 PM Ann Carman <carmana@hartwick.edu> wrote:
>
>> I'm new to PCI Compliance. Is it necessary to have a consultant or is
>> this something I can do on my own? Do you have to be certified? Can
>> anyone share their policies and checklist with me?
>>
>
>
> --
> *Victor Nuovo '77 P'19* | Senior Director of Advancement
> Northfield Mount Hermon
> p: 413-498-3671
>
> vnuovo@nmhschool.org
>
> Join me and support <https://community.nmhschool.org/NMHFund> NMH’s
> distinct education for the head, heart, and hand.
>
> One Lamplighter Way, Mount Hermon, MA 01354 nmhschool.org
> <http://www.nmhschool.org/>
>
>