FundSvcs Community

 View Only
Back to discussions
Expand all | Collapse all

PCI Compliance and Board Members participating in fundraising call campaigns

  • 1.  PCI Compliance and Board Members participating in fundraising call campaigns

    Posted 10-05-2022 11:05 AM

    Hi all,
    I'm developing a new training for staff for PCI Compliance. I referenced the PCI compliance documents found in AASP best practices to develop/refine the policy.

    For staff members, this is straightforward. However, my understanding is that "anyone who could conceivably hold a full credit card number" must be trained in PCI compliance relevant to their role. We want to have board members participate in a call campaign to donors this year. It seems like board members should take the training, or at least a condensed version of it. 

    Do you have board members take a version of a PCI Compliance training before participating in a call campaign to donors? If so, how do you keep track of that/ verify they have completed it? For staff, I can keep track of whether they've completed the training in our payroll system, but I don't have that option for board members.

    Any thoughts would be much appreciated!

    Leslie



    ------------------------------
    Leslie Proudfoot
    Director, Philanthropy Operations
    GRID Alternatives
    lproudfoot@gridalternatives.org
    ------------------------------


  • 2.  RE: PCI Compliance and Board Members participating in fundraising call campaigns

    Posted 10-05-2022 11:14 AM
    A nearly all of the organizations I have visited (and worked for!), PCI compliance training and education were coordinated through the IT Division.  While Advancement Offices often have slight nuances, credit card security is not limited to gift giving.

    This comment suggests that your Board members are institutional representatives - not just Advancement reps.  Therefore, you might want to run this question by the institutional compliance officer.

    I do think training Board members on all relevant systems and process is a good thing.  That also includes the Advancement CRM.  It is within that CRM you can note training completions as either an "activity" or "event" or something similar.

    John

    John H. Taylor
    Principal
    John H. Taylor Consulting, LLC
    2604 Sevier St.
    Durham, NC   27705
    919.816.5903 (cell/text)

    Serving the Advancement Community Since 1987




    Original Message


Related Content