University of Pittsburgh
E-Business Resource Group

E-Business Security Review Process

Securing customer information is a critical component of all e-business initiatives. Individual merchant locations are ultimately responsible for ensuring that customer information obtained via a financial transaction is safe and secure.
  • The E-Business Resource Group (ERG) initiates a security review of all e-business proposals. The review is conducted by individuals from the ERG and CSSD and consists of a detailed application of e-business security guidelines to all components and processes.

    Please refer to ERG Security Guidelines for a complete list of security concerns that should be addressed when proposing an e-business initiative. In addition to the ERG security guidelines, please refer to the University’s Customer Information Security Plan for the actions that should be taken by each merchant location to ensure compliance concerning customer information.

    • All proposals must meet the regulatory guidelines outlined in the University’s Customer Information Security Plan prior to their approval by the ERG.
  • Once the review is complete, a written recommendation is provided to the merchant location outlining any security concerns that were identified during the review. Security concerns, relative risk, and suggested solutions are identified.
    • In the event that a proposal may represent a high security risk, the outlined security concerns will also be forwarded to Internal Audit. If there are no security concerns that are considered a high risk, the ERG security recommendations will be forwarded directly to the unit.
  • Once the unit has had an opportunity to review the recommendations, the ERG representative will contact the unit to discuss any of their concerns regarding the recommendations.
  • If the unit does not accept the recommendations, in part or in whole, the ERG will notify and follow up with that unit’s senior administrator.
  • Once the security review is complete and any security concerns have been resolved, the merchant location will complete the GLB compliance documentation outlined in the University’s Customer Information Security Plan. All correspondence and documentation should be forwarded to Robert F. Pack, Vice Provost and University Customer Information Security Officer.
