E-Business Security Review
Securing customer information is a critical component of all e-business
initiatives. Individual merchant locations are ultimately responsible
for ensuring that customer information obtained via a financial transaction
is safe and secure.
- The E-Business Resource Group (ERG)
initiates a security review of
all e-business proposals. The review is conducted
by individuals from the ERG and CSSD and consists of a detailed
application of e-business security guidelines to all components
Please refer to ERG
Security Guidelines for a complete list of security
concerns that should be
addressed when proposing
an e-business initiative. In addition to the ERG security
guidelines, please refer to the University’s Customer
Information Security Plan for the actions that
should be taken by each merchant
location to ensure compliance concerning customer information.
- All proposals must meet the
regulatory guidelines outlined in the University’s
Customer Information Security Plan prior to their approval
by the ERG.
- Once the review is complete, a written
recommendation is provided to the merchant location outlining
any security concerns
that were identified during the review. Security concerns,
relative risk, and suggested solutions are identified.
- In the
event that a proposal may represent a high security risk,
the outlined security concerns will also be forwarded
Audit. If there are no security concerns that are considered
a high risk, the ERG security recommendations will be forwarded
to the unit.
- Once the unit has had an opportunity
to review the recommendations, the ERG representative will contact
the unit to discuss any of
their concerns regarding the recommendations.
- If the unit does not accept the recommendations
in part or in whole the ERG will notify and follow-up with
- Once the security review is complete
and any security concerns have been resolved, the merchant
location will complete
the GLB compliance documentation outlined in the University’s
Customer Information Security Plan. All correspondence
and documentation should be forwarded to Robert F. Pack,
Vice Provost and University Customer Information Security